FIN7

Download the full FIN7 threat profile for this advanced persistent threat (APT), with known industry and geographic targets; exploited vulnerabilities and tools; previous campaigns, counter-campaigns, and known behaviors; associations and team structures; MITRE ATT&CK mappings; and more.

Download Now

Executive Summary

  • First Identified: 2012
  • Threat Type:
    • Advanced Persistent Threat (APT)
  • Extortion Method:
    • Drive-by compromise, vulnerability exploitation, supply chain compromise, trusted relationship, social engineering (MITRE ATT&CK: T1189, T1190, T1195, T1199, T1566)
  • Most Frequently Targeted Industries:
    • Consumer Cyclicals
    • Transportation
    • Utilities
  • Most Frequently Targeted Victim HQ Locations:
    • North America
    • Europe
  • Select Known Associations:
    • Combi Security
    • Bastion Secure
    • ITG23
    • Stark Industries Solutions
    • UNC3381
  • Select MITRE ATT&CK Mappings:
    • Initial Access
      • Drive-by compromise, vulnerability exploitation, supply chain compromise, trusted relationship, social engineering (MITRE ATT&CK: T1189, T1190, T1195, T1199, T1566)
    • Persistence
      • Scheduled tasks, browser extensions, create/modify system process, event triggered execution, boot or logon autostart execution (MITRE ATT&CK: T1053, T1176, T1543, T1546, T1547)
    • Lateral Movement
      • Abuse of remote services, replication through removable media, vulnerability exploitation, lateral tool transfer (MITRE ATT&CK: T1021, T1091, T1210, T1570)

Latest Blackpoint and APG Resources for FIN7

DATE PUBLISHEDMay 21, 2024
AUTHORBlackpoint Cyber

2026 Annual Threat Report

What actually worked for attackers in 2025.

Most attackers aren’t breaking in
They’re logging in

Explore the real patterns behind modern intrusions in the 2026 Annual Threat Report

GET THE REPORT