Discovering FIN7's New Cyber Infrastructure
Cybersecurity researchers have recently uncovered new infrastructure linked to the infamous FIN7 cybercrime group. This discovery was made possible through a collaborative investigation involving Team Cymru, Silent Push, and Stark Industries Solutions. The uncovering of this infrastructure offers fresh insights into how FIN7 operates and the methods they use.
Understanding FIN7's Operations
FIN7 is a financially motivated threat actor: it carries out intrusions for monetary gain rather than for espionage or ideology. Infrastructure in this context means the servers, IP addresses and hosting accounts the group uses to run its operations, for example to launch attacks, stage tooling or store stolen data.
New Infrastructure Linked to FIN7
The investigation revealed two clusters of potential FIN7 activity. Both clusters were observed communicating from IP addresses assigned to Post Ltd in Russia and SmartApe in Estonia. The attribution matters because an IP address can be traced to the provider that allocated it, which gives investigators a concrete hosting entity to approach and a pivot point for locating related infrastructure.
Role of Resellers in Cybercrime
The new infrastructure was likely procured through resellers associated with Stark Industries. Resellers are businesses that sell services on behalf of a larger 'parent' provider; many hosting companies run reseller programs through which smaller businesses resell hosting capacity, which also places an extra layer between the end customer and the parent's own abuse and know-your-customer checks. The Stark Industries IP addresses identified in the investigation were found to be dedicated solely to hosting FIN7's infrastructure.
Technical Details of the Discovery
Team Cymru identified additional IP addresses linked to FIN7 through their investigation. These IPs were assigned to Post Ltd and SmartApe, service providers in Russia and Estonia respectively. The addresses were observed actively communicating during the investigation, indicating that the infrastructure was in use rather than dormant.
Impact and Response
Once the connections between these IPs and FIN7 were confirmed, Stark Industries suspended the implicated services. Notifying the hosting provider so it can act on abuse of its own network is a standard step in a coordinated disclosure process; it takes the identified infrastructure away from the group, although a well-resourced actor will typically stand up replacements elsewhere.
Conclusion
This discovery highlights the ongoing threat posed by cybercrime groups like FIN7 and underscores the importance of collaborative efforts in cybersecurity to combat such activities. Through diligent investigation and responsible actions, researchers can help dismantle the infrastructure that supports these cybercriminal enterprises.
For further insights into cyber threats and how they are tackled, one can refer to reputable sources such as cybersecurity publications and industry reports.