Since 2012, the cybercrime group FIN7 has been linked to various ransomware families such as Black Basta, DarkSide, REvil, and LockBit. In April 2023, Microsoft detected the financially motivated threat actor deploying Cl0p (also known as Clop) ransomware, which was the group’s first ransomware campaign since late 2021. Microsoft classified this activity under its new taxonomy Sangria Tempest.
The group has been known to set up fake security companies, such as Combi Security and Bastion Secure, in order to recruit employees for conducting ransomware attacks and other operations.
Additionally, POWERTRASH is used to load the Lizar post-exploitation tool and gain access to a target network, followed by OpenSSH and Impacket to move laterally and deploy Clop ransomware.
IBM Security X-Force revealed that members of the now-defunct Conti ransomware gang are using a new malware called Domino, while WithSecure highlighted FIN7’s use of POWERTRASH to deliver Lizar (also known as DICELOADER or Tirion) in connection with attacks exploiting a high-severity flaw in Veeam Backup & Replication software (CVE-2023-27532).
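The tooling named above (a PowerShell-based in-memory loader, then OpenSSH and Impacket for lateral movement) leaves recognisable traces in Windows process-creation and service-installation events. The following detection sketch is an added example and is not code from the original article, from The Hacker News, WithSecure, IBM X-Force or Microsoft. It assumes a constructed `host|event_id|key=value;...` log format, and its patterns rest on two public defaults of Impacket's example scripts (wmiexec redirects command output to `\\127.0.0.1\ADMIN$\__<timestamp>`; smbexec installs a service whose path drives `%TEMP%\execute.bat` through `%COMSPEC%`) plus the generic "hidden, encoded PowerShell" shape that loaders such as POWERTRASH are reported to use; the sample log lines are constructed, not real telemetry.

```python
import re
from typing import Dict, List

# Constructed sample telemetry (not real logs). Format: host|event_id|key=value;key=value;...
# 4688 = process creation, 7045 = new service installed.
SAMPLE_LOGS = [
    # wmiexec-style execution: cmd.exe /Q /c <cmd> with output redirected to the ADMIN$ share
    "WS01|4688|Image=C:\\Windows\\System32\\cmd.exe;"
    "CommandLine=cmd.exe /Q /c whoami 1> \\\\127.0.0.1\\ADMIN$\\__1681234567.12 2>&1;"
    "ParentImage=C:\\Windows\\System32\\wbem\\WmiPrvSE.exe",
    # smbexec-style service: batch file written to %TEMP%, run, then deleted
    "WS01|7045|ServiceName=BTOBTO;"
    "ImagePath=%COMSPEC% /Q /c echo dir ^> \\\\127.0.0.1\\C$\\__output 2^>^&1 > %TEMP%\\execute.bat"
    " & %COMSPEC% /Q /c %TEMP%\\execute.bat & del %TEMP%\\execute.bat",
    # hidden-window, encoded-command PowerShell (loader-like behaviour); payload string is a placeholder
    "SRV02|4688|Image=C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe;"
    "CommandLine=powershell.exe -nop -w hidden -enc SQBFAFgAIAAoAE4AZQB3AC0ATwBiAGoAZQBjAHQA;"
    "ParentImage=C:\\Windows\\explorer.exe",
    # benign activity that must not be flagged
    "SRV02|4688|Image=C:\\Windows\\System32\\notepad.exe;"
    "CommandLine=notepad.exe C:\\Users\\a\\notes.txt;ParentImage=C:\\Windows\\explorer.exe",
]

# Each rule: (name, event ID it applies to, field to inspect, compiled pattern).
# Patterns encode Impacket default behaviour and a generic encoded-PowerShell shape (assumptions, see lead-in).
RULES = [
    ("impacket_wmiexec_style_exec", 4688, "CommandLine",
     re.compile(r"cmd\.exe\s+/Q\s+/c\s+.*1>\s*\\\\127\.0\.0\.1\\ADMIN\$\\__", re.I)),
    ("impacket_smbexec_style_service", 7045, "ImagePath",
     re.compile(r"%COMSPEC%\s+/Q\s+/c\s+echo\s.*execute\.bat", re.I)),
    ("encoded_hidden_powershell", 4688, "CommandLine",
     re.compile(r"powershell(?:\.exe)?\b.*\s-(?:e|enc|encodedcommand)\s", re.I)),
]


def parse_line(line: str) -> Dict[str, object]:
    """Split one constructed log line into a flat record of host, event_id and fields."""
    host, event_id, fields = line.split("|", 2)
    record: Dict[str, object] = {"host": host, "event_id": int(event_id)}
    for kv in fields.split(";"):
        key, _, value = kv.partition("=")
        record[key] = value
    return record


def detect(lines: List[str]) -> List[Dict[str, str]]:
    """Run every rule over every line; return one hit per (line, rule) match."""
    hits: List[Dict[str, str]] = []
    for line in lines:
        rec = parse_line(line)
        for name, event_id, field, pattern in RULES:
            value = str(rec.get(field, ""))
            if rec["event_id"] == event_id and pattern.search(value):
                hits.append({"host": str(rec["host"]), "rule": name, "evidence": value})
    return hits


if __name__ == "__main__":
    for hit in detect(SAMPLE_LOGS):
        print(f"[{hit['rule']}] {hit['host']}: {hit['evidence'][:80]}")
```

The loopback `127.0.0.1` in the share path is what makes the wmiexec pattern specific: a genuine administrator rarely redirects output to a local `ADMIN$` share, whereas the Impacket default does so on every command. Rules of this kind are brittle against renamed scripts or modified defaults, so treat them as high-confidence, low-coverage signals and pair them with broader telemetry (new service installs from non-standard paths, PowerShell script-block logging).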
This shift in FIN7’s monetization strategy from payment card data theft to extortion shows that the group is still relying on various ransomware families to target victims.
Source: Hackernews
To mitigate these potential threats, it is important to implement additional cybersecurity measures with the help of a trusted partner like INFRA www.infrascan.net, or you can try it yourself using check.website.