Declared “dead” by the U.S. Attorney’s Office in 2023, the Russian cyber crime group Fin7 is impersonating some of the top global brands.
It is responsible for over $3 billion in losses over the last 10+ years.
Even after authorities put three members of Fin7 into prison, and the group was thought to have disbanded, recent campaign activity points to the group being alive and well. Take the recent analysis of Fin7 by security vendor SilentPush.
Their analysis found campaigns that used 4000 domains and subdomains (and then noted, “with half active last week”) impersonating the following brands: Louvre Museum, Meta, Reuters (and WestLaw), Microsoft 365, Wall Street Journal, Midjourney, CNN, Quickbooks, Alliant, Grammarly, Airtable, Webex, LexisNexis, Bloomberg, Quicken, Cisco (Webex), Zoom, Investing[.]com, SAP Concur, Google, Android Developer, Asana, Workable, SAP (Ariba), Microsoft (Sharepoint), RedFin, Manulife Insurance, Regions Bank Onepass, American Express, Twitter, Costco, DropBox, Netflix, Paycor, Harvard, Affinity Energy, RuPay, Goto[.]com, Bitwarden, and Trezor.
It appears that many of their campaigns are focused on stealing either credentials or credit card details.
Organizations need to realize the futility of hoping that cyber crime will come to an end. Instead, they should look for ways to mitigate much of the risk cybercriminals create by looking at the methods they use (spear phishing and phishing) and putting mitigating protections in place, including security awareness training.