FIN7 Threat Group

Download the full FIN7 threat profile for this advanced persistent threat (APT), with known industry and geographic targets; exploited vulnerabilities and tools; previous campaigns, counter-campaigns, and known behaviors; associations and team structures; MITRE ATT&CK mappings; and more.

Download Now

Executive Summary

  • First Identified: 2012
  • Threat Type:
    • Advanced Persistent Threat (APT)
  • Extortion Method:
    • Drive-by compromise, vulnerability exploitation, supply chain compromise, trusted relationship, social engineering (MITRE ATT&CK: T1189, T1190, T1195, T1199, T1566)
  • Most Frequently Targeted Industries:
    • Consumer Cyclicals
    • Transportation
    • Utilities
  • Most Frequently Targeted Victim HQ Locations:
    • North America
    • Europe
  • Select Known Associations:
    • Combi Security
    • Bastion Secure
    • ITG23
    • Stark Industries Solutions
    • UNC3381
  • Select MITRE ATT&CK Mappings:
    • Initial Access
      • Drive-by compromise, vulnerability exploitation, supply chain compromise, trusted relationship, social engineering (MITRE ATT&CK: T1189, T1190, T1195, T1199, T1566)
    • Persistence
      • Scheduled tasks, browser extensions, create/modify system process, event triggered execution, boot or logon autostart execution (MITRE ATT&CK: T1053, T1176, T1543, T1546, T1547)
    • Lateral Movement
      • Abuse of remote services, replication through removable media, vulnerability exploitation, lateral tool transfer (MITRE ATT&CK: T1021, T1091, T1210, T1570)

Latest Blackpoint and APG Resources for FIN7

DATE PUBLISHEDMay 21, 2024
AUTHORBlackpoint Cyber

Subscribe to the Blackpoint Blog

Don’t let a lack of awareness leave the organizations you protect vulnerable to sophisticated and elusive attacks. Subscribe now for a weekly roundup of Blackpoint’s empowering articles.

Subscribe now!