FIN7 Targets U.S. Carmaker’s IT Department in Spear-Phishing Assault

Apr 19, 2024 | News





BlackBerry Reports: FIN7 Launches Spear-Phishing Attack on U.S. Carmaker’s IT Department

In a recent disclosure by BlackBerry researchers, it has been revealed that the financially motivated cybercrime group FIN7 targeted a prominent U.S. automotive manufacturer through a sophisticated spear-phishing campaign in late 2023.

FIN7, also known as Carbanak, deliberately targeted employees in the carmaker’s IT department who held elevated administrative privileges. The attackers used the guise of a free IP scanning tool to deliver the Anunak backdoor, relying on living-off-the-land binaries, scripts, and libraries (LOLBAS) for initial access.


The threat actors relied on typosquatting: victims were lured to the malicious domain “advanced-ip-sccanner[.]com,” which impersonated the legitimate “advanced-ip-scanner[.]com” site offering a free IP scanning tool. Visitors to the rogue site were redirected through intermediary URLs that ultimately led to the download of a malicious executable named WsTaskLoad.exe from an attacker-controlled Dropbox account.
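A defender-side check for the lure described above, added here as an example and not code from BlackBerry or from the article: it normalizes queried hostnames from a DNS log (including defanged “[.]” notation) and flags any name within a small edit distance of a watchlist of legitimate tool-download domains. Only advanced-ip-scanner.com comes from the article; the second watchlist entry, the log lines, the IP addresses and the timestamps are constructed for illustration.

```python
"""Flag lookalike (typosquatted) tool-download domains in DNS query logs.

Added example for this article; not BlackBerry's, FIN7's, or the vendor's code.
Watchlist entry #2, the log lines, clients and timestamps are constructed.
"""
from typing import List, Optional, Tuple

# Constructed watchlist of legitimate domains worth protecting. Only
# advanced-ip-scanner.com is from the article; the other entry is a placeholder
# showing that the check applies to any watchlist of trusted download sites.
WATCHLIST = ["advanced-ip-scanner.com", "example-admin-tool.example"]

# Constructed DNS query log: timestamp, client IP, queried name (not real data).
SAMPLE_LOG = """\
2023-11-02T10:14:03Z 10.20.5.17 advanced-ip-scanner.com
2023-11-02T10:15:41Z 10.20.5.17 advanced-ip-sccanner.com
2023-11-02T10:16:02Z 10.20.5.31 www.advanced-ip-scanner.com
2023-11-02T10:17:19Z 10.20.5.44 intranet.corp.example
2023-11-02T10:18:05Z 10.20.5.44 advanced-ip-scanner.co
"""


def normalize(domain: str) -> str:
    """Lowercase, undo '[.]' defanging, drop a trailing dot and a leading 'www.'."""
    d = domain.strip().lower().replace("[.]", ".").rstrip(".")
    if d.startswith("www."):
        d = d[4:]
    return d


def levenshtein(a: str, b: str) -> int:
    """Edit distance (insert/delete/substitute) using the two-row DP."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1,            # delete ca
                           cur[j - 1] + 1,         # insert cb
                           prev[j - 1] + (ca != cb)))  # substitute
        prev = cur
    return prev[-1]


def classify(domain: str, watchlist=WATCHLIST,
             max_distance: int = 2) -> Tuple[str, Optional[str]]:
    """Return ('legitimate' | 'lookalike' | 'unrelated', nearest watchlist entry)."""
    d = normalize(domain)
    best_name, best_dist = None, None
    for legit in watchlist:
        dist = levenshtein(d, legit)
        if best_dist is None or dist < best_dist:
            best_name, best_dist = legit, dist
    if best_dist == 0:
        return "legitimate", best_name
    if best_dist <= max_distance:
        return "lookalike", best_name
    return "unrelated", None


def scan_log(text: str, watchlist=WATCHLIST) -> List[dict]:
    """Return one record per log line whose queried name is a lookalike."""
    hits = []
    for line in text.splitlines():
        parts = line.split()
        if len(parts) != 3:
            continue  # skip blank or malformed lines
        ts, client, qname = parts
        verdict, nearest = classify(qname, watchlist)
        if verdict == "lookalike":
            hits.append({"ts": ts, "client": client,
                         "domain": normalize(qname), "impersonates": nearest})
    return hits


if __name__ == "__main__":
    for hit in scan_log(SAMPLE_LOG):
        print(f"{hit['ts']} {hit['client']} queried {hit['domain']} "
              f"(lookalike of {hit['impersonates']})")
```

Run against the constructed log, the script reports the doubled-letter variant from the article and a truncated-TLD variant, while the exact and www-prefixed legitimate names pass. Edit distance catches only character-level typos; homoglyph and internationalized-domain lookalikes need a separate confusables check, and the threshold should be tuned per watchlist so that short domains do not produce false positives.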


Upon execution, WsTaskLoad.exe started a multi-stage chain involving DLLs, WAV files, and shellcode execution, which culminated in loading and decrypting a file named ‘dmxl.bin’ that contained the Anunak payload.




For persistence, the threat actors used WsTaskLoad.exe to install OpenSSH and created scheduled tasks on victim machines. Although FIN7 is known to use OpenSSH for lateral movement and external access, neither activity was observed in this campaign.

The BlackBerry report underscores the critical need for organizations to be vigilant against sophisticated cyber threats like FIN7. It includes comprehensive recommendations for mitigation strategies and lists of Indicators of Compromise (IoCs) to aid in threat identification and response.

As threats continue to evolve, BlackBerry emphasizes the importance of proactive cybersecurity measures to safeguard against such malicious activities and protect critical infrastructure.


Source: securityaffairs.com
