FIN7 Cyber Threat Strikes Again As Latest Malware Menace Found

An intrusion set known as FIN7 has resurfaced, unleashing a fresh wave of digital havoc after its last appearance back in 2015. Registering as a legitimate IT recruitment company, this clandestine group of Russian-speaking individuals performs its activities under the guise of lawful enterprise.

Their targets? A diverse range of industries around the globe, from retail giants and hospitality chains to the food service sector, with hotspots identified in the United States, the United Kingdom, Australia, and France. These cybercriminals leave no stone unturned in pursuit of their motives, even aligning themselves with other notorious threat actors such as BlackBasta, Lockbit, Darkside, and REvil to bolster their arsenal.

At the heart of their malevolent toolkit lies “Carbanak,” a lethal mixture of malware designed to infiltrate, cripple, and extort. From insidious loaders to ruthless ransomware and stealthy backdoors, this arsenal is the stuff of nightmares for cybersecurity experts worldwide. Among these tools, one particularly insidious weapon stands out: Diceloader, a relentless malware known for its longevity and devastating capabilities.

Operating under the radar, Diceloader executes its sinister mission with surgical precision. Utilising a diabolical combination of PowerShell scripts and obfuscation techniques, this compact yet potent malware infiltrates target systems, laying the groundwork for future attacks. At its core, Diceloader employs Reflective DLL Injection, seamlessly embedding its malicious code into the very fabric of unsuspecting processes.

Once unleashed, Diceloader wastes no time in establishing its foothold, meticulously structuring its data within linked lists to facilitate its malevolent agenda. With multiple threads at its disposal, this insidious malware meticulously intercepts, parses, and formats incoming TCP packets from its command and control (C2) servers, all while stealthily evading detection.

As the digital battlefield continues to evolve, FIN7 and its cohorts stand as a stark reminder of the ever-present threat posed by cybercriminals. With their relentless pursuit of financial gain and power, these shadowy adversaries leave no stone unturned in their quest for domination, leaving organisations worldwide scrambling to fortify their defences against this insidious threat.
