web analytics

Cybercrime gang FIN7 returned and was spotted delivering Clop ransomware – Source: securityaffairs.com

cybercrime-gang-fin7-returned-and-was-spotted-delivering-clop-ransomware-–-source:-securityaffairs.com
#image_title

Views: 0

Rate this post

Source: securityaffairs.com – Author: Pierluigi Paganini

Cybercriminal gang FIN7 returned with a new wave of attacks aimed at deploying the Clop ransomware on victims’ networks.

Researchers at Microsoft Security Intelligence team published a series of tweets to warn of a new wave of attacks aimed at distributing the Clop ransomware and linked it to the financially motivated cybercriminal group Sangria Tempest (ELBRUS, FIN7). The attacks confirm the return of the threat actors after a long period of inactivity. The group was spotted deploying the Clop ransomware in opportunistic attacks in April 2023.

FIN7 is a Russian criminal group (aka Carbanak) that has been active since mid-2015, it focuses on restaurants, gambling, and hospitality industries in the US to harvest financial information that was used in attacks or sold in cybercrime marketplaces.

In recent attacks, Fin7 was observed using the PowerShell script POWERTRASH to load the Lizar post-exploitation tool to get a foothold into the victim’s networks. Then they use OpenSSH and Impacket to move laterally and deploy the Clop ransomware payload.

In these recent attacks, Sangria Tempest uses the PowerShell script POWERTRASH to load the Lizar post-exploitation tool and get a foothold into a target network. They then use OpenSSH and Impacket to move laterally and deploy Clop ransomware.

— Microsoft Threat Intelligence (@MsftSecIntel) May 18, 2023

The Clop ransomware is just the newest strain the cybercrime gang has used to attacks in the wild.

“Clop is the latest ransomware strain that Sangria Tempest has been observed deploying over the years. The group previously deployed REvil and Maze before managing the now-retired DarkSide and BlackMatter ransomware operations.” reads one of the tweets published by the experts.

We are in the final!

Please vote for Security Affairs (https://securityaffairs.com/) as the best European Cybersecurity Blogger Awards 2022 – VOTE FOR YOUR WINNERS

Vote for me in the sections where is reported Securityaffairs or my name Pierluigi Paganini

Please nominate Security Affairs as your favorite blog.

Nominate Pierluigi Paganini and Security Affairs here here: https://docs.google.com/forms/d/e/1FAIpQLSepvnj8b7QzMdLh7vWEDQDqohjBUsHyn3x3xRdYGCetwVy2DA/viewform

Follow me on Twitter: @securityaffairs and Facebook and Mastodon

Pierluigi Paganini

(SecurityAffairs – hacking, FIN7)




Original Post URL: https://securityaffairs.com/146465/cyber-crime/fin7-delivering-clop-ransomware.html

Category & Tags: Breaking News,Cyber Crime,Malware,clop ransomware,Cybercrime,FIN7,Hacking,hacking news,information security news,malware,Pierluigi Paganini,Security Affairs,Security News – Breaking News,Cyber Crime,Malware,clop ransomware,Cybercrime,FIN7,Hacking,hacking news,information security news,malware,Pierluigi Paganini,Security Affairs,Security News

LinkedIn
Twitter
Facebook
WhatsApp
Email

advisor pick´S post

More Latest Published Posts