Remember the infamous FIN7 group? The Russian cybercriminal gang have recently resurfaced, but not to a smooth start. Researchers have exposed a massive network of over 4,000 malicious domains and dozens of IP addresses spread across Russia and Estonia, practically exposing them as soon as they resurfaced. The race was over before it even began!


Who are FIN7?

If the name didn’t ring a bell at first, there is a good reason. Not only did this gang mainly have notoriety back in 2012-2020, but it also went under different names. You might very well recognise them as Carbon Spider, ELBRUS, or Sangria Tempest.

For a bit of background: they're notorious for sophisticated malware campaigns, especially against US companies in the hospitality and gaming sectors. The FBI took down some of their top leaders in 2021, including a key organizer who got a ten-year prison sentence. FIN7 even set up fake cybersecurity companies, like Combi Security, to cover their tracks.

To clarify, this group never completely stopped their activity, but they slowed down, to the point that FIN7 was eventually thought to be a thing of the past. However, they resurfaced with some new tricks up their sleeve. With some new and upgraded tools, they dived right back into the ransomware game. But this time, they ran into a serious roadblock.


The Takedown

A team effort by experts from Silent Push, Stark Industries Solutions, and Team Cymru led to this crackdown after months of collaboration. They uncovered two main clusters of FIN7’s activities, pinpointing over 4,000 domains used by the gang.

According to Team Cymru’s report, the two clusters reveal communications linked to FIN7’s infrastructure, with IP addresses traced back to Post Ltd in Russia and Smart Ape in Estonia. The gang used domains like thomsonreuter[.]info and dhlpost[.]nl in global phishing and malware attacks aimed at big names like the Louvre, Meta, and Reuters. Silent Push had already flagged FIN7 for targeting high-profile brands across various industries.


Conclusion

The battle against FIN7 is far from over, but this latest move is a strong reminder that cybercriminals are never truly safe from getting caught. As researchers continue to shine a light on these dark corners of the internet, it’s clear that teamwork and persistence are key to keeping cyber threats at bay.

We hope you’ve liked this blog and that you’ll stick around to see our future releases. We cover everything from recent IT News to Knowledgebase articles. Thanks for reading!