DOJ arrests three Ukrainians allegedly tied to FIN7 hacking gang

Three Ukrainians accused of hacking vast quantities of financial data from U.S. businesses have been indicted, the Department of Justice announced on Wednesday. The individuals arrested are Dmytro Fedorov, 44, Fedir Hladyr, 33, and Andrii Kopakov, 30. The trio are allegedly part of a hacking group called “FIN7” by the government, but more widely known as Carbanak, a group that allegedly stole billions from worldwide banks and tens of millions of dollars from U.S. companies since the group’s inception in 2014. Carbanak boasts dozens of members and a complex organization which, prosecutors say, the three arrested men helped manage and control. “The three Ukrainian nationals indicted today allegedly were part of a prolific hacking group that targeted American companies and citizens by stealing valuable consumer data, including personal credit card information, that they then sold on the Darknet,” said Assistant Attorney General Brian Benczkowski. The three men are charged with 26 felony counts alleging […]

The post DOJ arrests three Ukrainians allegedly tied to FIN7 hacking gang appeared first on Cyberscoop.


Lord & Taylor & Saks customers payment cards stolen, sold on Dark Web

By Carolina
Apparently, FIN7 hackers are behind the breach – The same
This is a post from HackRead.com. Read the original post: Lord & Taylor & Saks customers payment cards stolen, sold on Dark Web

FIN7 Spear Phishing Attacks Now Aim At Avoiding Detection

By Uzair Amir
The FIN7 hacking group has been targeting organizations from the
This is a post from HackRead.com. Read the original post: FIN7 Spear Phishing Attacks Now Aim At Avoiding Detection

Fin7 weaponization of DDE is just their latest slick move, say researchers

When cybercrime gang FIN7 weaponized a new attack vector against Microsoft applications within a day of it being published last week, it was just the latest slick move from a threat group who’ve been consistently one step ahead of cyber defenders. A timeline of different attack vectors used by the group compiled by Morphisec researchers shows that FIN7 typically adopts a new technique within “a couple of days” of an attack being discovered, once the number of security solutions that detect it gets into double figures. The Morphisec researchers analyzed scoring of FIN7 attachment lures by VirusTotal — a service that scans files and tests them against 56 kinds of security software. “A look at Virus Total scoring reveals that when a FIN7 campaign is first active, it goes mostly undetected by security solutions. The malicious documents do not score more than 1-3 detections. Within a couple of days, security solutions update their patterns and […]

The post Fin7 weaponization of DDE is just their latest slick move, say researchers appeared first on Cyberscoop.


Cybercriminals hijacked a government server to send sophisticated malware to U.S. companies

An Eastern European hacking group hijacked U.S. state government servers to dispense malware through phishing emails that were designed to appear like they had come from the Securities and Exchange Commission, according to research by Cisco’s Talos team and an analysis by other cybersecurity experts familiar with the activity. The technical findings connect a known advanced persistent threat (APT) group, codenamed FIN7 by U.S. cybersecurity firm FireEye, to a sophisticated intrusion technique that was detected in a recent wave of spoofed emails that mimicked the SEC’s domain. The messages carried malware-laden Microsoft Word documents mentioning financial disclosure information from the EDGAR system. FIN7 is believed to represent an eastern European criminal enterprise that speaks Russian and operates internationally. Emails tied to this campaign were “highly targeted” and only sent to a small, select group of U.S. businesses in several different industry sectors, including finance, insurance and information technology, said Craig Williams, a senior […]

The post Cybercriminals hijacked a government server to send sophisticated malware to U.S. companies appeared first on Cyberscoop.


Carbanak Attackers Devise Clever New Persistence Trick

Hackers behind the Carbanak criminal gang have devised a clever way to gain persistence on targeted systems to more effectively pull off financially motivated crimes.

This elite cybercrime group is wreaking havoc on the U.S. restaurant industry

A sophisticated hacking group with suspected ties to cybercrime gangs operating in Eastern Europe is now actively targeting and breaching prominent, brand name restaurants in the U.S. A recently disclosed data breach suffered by Mexican fast food restaurant Chipotle was carried out by hackers linked to a group known as FIN7 or Carbanak Group, CyberScoop has learned. In addition to Chipotle, the hackers appear to be targeting national restaurant franchises Baja Fresh and Ruby Tuesday, according to malware samples and other evidence CyberScoop obtained. More than 20 U.S.-based hospitality companies — a combination of hotels and restaurants — have been successfully hacked by FIN7 since the summer of 2016, two cybersecurity researchers told CyberScoop on the condition of anonymity in order to speak freely regarding ongoing investigations. On February 22, a phishing email carrying an attachment titled “Payment overdue.eml” was sent to an email account associated with a Chipotle location […]

The post This elite cybercrime group is wreaking havoc on the U.S. restaurant industry appeared first on Cyberscoop.


Fileless Malware Campaigns Tied to Same Attacker

Two recent fileless malware campaigns targeting financial institutions, government agencies and other enterprises have been linked to the same attack group.