Reportseverity: Info2017-05-01

MITRE ATT&CK catalogs FIN7 as financially-motivated intrusion set

published by MITRE ATT&CK

Actor

FIN7?? · UnknowneCrime

Long-running financially-motivated crew historically tied to the Carbanak intrusion set. Initially targeted point-of-sale systems in the U.S. hospitality and retail sectors (300+ companies, 1,000+ lo…

Summary

MITRE ATT&CK published its FIN7 group profile (G0046), tracking the financially-motivated cluster active since at least 2013 against U.S. retail, restaurant, and hospitality targets. The profile records aliases including GOLD NIAGARA, ITG14, Carbon Spider, ELBRUS, and Microsoft's later 'Sangria Tempest' designation, and links FIN7 to the CARBANAK backdoor (S0030), GRIFFON, POWERSOURCE, and the Lizar/Diceloader implant.

Primary source

attack.mitre.org

Other FIN7 events

2024-07-17SentinelLabs ties AvNeutralizer EDR-killer to FIN7 and multiple RaaS gangs
2023-12-28Microsoft links Sangria Tempest (FIN7) to Clop ransomware deployment via App Installer abuse
2018-08-01DOJ unseals indictments against three FIN7 leaders

Summary

Tags

Primary source

Other FIN7 events