Researchers this week shared details of an attack campaign by the notorious FIN7 threat group that targeted a large US-based global automotive manufacturer.
FIN7, a Russian advanced persistent threat (APT) group, also known as Carbon Spider, ELBRUS, and Sangria Tempest, carried out a spear-phishing campaign in late 2023 that was detected and ultimately halted by BlackBerry's threat and research team. The attackers identified IT employees with high admin-level rights and lured them in by impersonating an IP scanning tool with a malicious URL. Once the employees opened the link, the threat actor ran its Anunak backdoor, allowing them to "acquire an initial foothold using living off the land binaries, scripts, and libraries (lolbas)," BlackBerry researchers said in a blog post detailing the attack.
BlackBerry said its threat and research team detected and disrupted the attack before FIN7 was able to launch the ransomware portion of the attack.
In the past, FIN7 has targeted the US retail, hospitality, and restaurant sectors, though it is now branching out to the defense, insurance, and transportation sectors. BlackBerry researchers believe that the threat group is now likely targeting larger entities, on the assumption that they may pay a higher ransom.
BlackBerry did not disclose the name of the targeted automotive manufacturer.