Quote: The financially motivated FIN8 cybergang used a brand-new backdoor – dubbed Sardonic by the Bitdefender researchers who first spotted it – in attempted (but unsuccessful) breaches of networks belonging to two unidentified U.S. financial organizations.
It’s a nimble newcomer, researchers wrote: “The Sardonic backdoor is extremely potent and has a wide range of capabilities that help the threat actor leverage new malware on the fly without updating components,” according to Bitdefender’s report.
FIN8 has typically gone after financial services and payment-card data from point-of-sale (PoS) systems, particularly those of retailers, restaurants and the hotel industry. It’s been active since at least January 2016, but it periodically pops in and out of dormancy in order to fine-tune tactics, techniques and procedures (TTPs) and thereby evade detection and ramp up its success rate.
True to form, in March, Bitdefender spotted FIN8 re-emerging after a period of relative quiet with a new version of the BadHatch backdoor to compromise companies in the chemical, insurance, retail and technology industries. Sardonic is an updated version of BadHatch that’s apparently still under development, Bitdefender said.
It’s a refinement of BadHatch in that it can be automatically boosted with new functionality without the malware needing to be redeployed, a way to make it more agile, Bitdefender said.
Bogdan Botezatu, director of threat research for Bitdefender, told BankInfoSecurity that the security firm has seen FIN8 carrying out two attacks over the past few months, what he called “unusually high activity for a threat actor that used to take long breaks between attacks.”
Read more: FIN8 Targets US Bank With New ‘Sardonic’ Backdoor
