Cybersecurity researchers [2] [3], in collaboration with Team Cymru, Silent Push [1] [2] [3] [4], and Stark Industries Solutions [1] [2] [3] [4], have identified new infrastructure associated with the financially motivated threat actor FIN7 [2] [3].
Description
Investigations revealed that IP addresses assigned to Post Ltd in Russia and SmartApe in Estonia were linked to FIN7 activity, and that Stark Industries IP addresses were also hosting FIN7 infrastructure [2], potentially obtained through one of Stark's resellers. Communications between these clusters and Stark-assigned hosts led Stark to suspend the services following responsible disclosure [2]. Further investigation identified additional infrastructure connected to FIN7 activity, again including IP addresses assigned to Post Ltd and SmartApe [1] [2] [3] [4]. The Russian clusters interacted with at least 15 Stark servers [3], while the Estonian cluster communicated with at least 16 hosts [3]. Stark terminated the suspicious services only after traffic analysis confirmed that the connections were deliberate, based on TCP signals (completed handshakes rather than stray probes) and on the volumes of data transferred.
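The traffic-analysis step described above, separating deliberate sessions from scans and refused connections using TCP flags and byte counts, as an added example; this is not code from the researchers or from Stark, and the flow records, addresses (documentation ranges) and thresholds are constructed for illustration.

```python
from dataclasses import dataclass

# Constructed flow records in a netflow-like shape; not data from the report.
# tcp_flags is the union of flags seen on the flow: S=SYN, A=ACK, P=PSH, F=FIN, R=RST.
@dataclass
class Flow:
    src: str
    dst: str
    tcp_flags: str
    bytes_to_dst: int
    bytes_to_src: int
    packets: int

# Placeholder suspect cluster (RFC 5737 documentation addresses, not real IoCs).
SUSPECT_HOSTS = {"203.0.113.10", "203.0.113.11"}

def classify(flow: Flow, min_bytes: int = 1024) -> str:
    """Return 'deliberate', 'scan' or 'noise' for one flow (heuristic assumed here:
    completed handshake plus payload both ways above min_bytes is deliberate;
    SYN without ACK, or a SYN answered by RST, is a scan or refused attempt)."""
    flags = set(flow.tcp_flags)
    handshake = {"S", "A"} <= flags
    payload_both_ways = flow.bytes_to_dst >= min_bytes and flow.bytes_to_src >= min_bytes
    if handshake and payload_both_ways:
        return "deliberate"
    if "S" in flags and ("A" not in flags or "R" in flags):
        return "scan"
    return "noise"  # e.g. a handshake that carried no meaningful payload

def peers_talking_to(flows, suspects=SUSPECT_HOSTS):
    """Map each source host to the suspect hosts it held deliberate sessions with."""
    result = {}
    for f in flows:
        if f.dst in suspects and classify(f) == "deliberate":
            result.setdefault(f.src, set()).add(f.dst)
    return result

SAMPLE_FLOWS = [
    Flow("198.51.100.5", "203.0.113.10", "SAPF", 48210, 9120, 88),  # full session
    Flow("198.51.100.5", "203.0.113.11", "S", 60, 0, 1),            # unanswered SYN
    Flow("198.51.100.6", "203.0.113.10", "SR", 60, 40, 2),          # refused connection
    Flow("198.51.100.7", "203.0.113.11", "SAF", 120, 100, 4),       # handshake, no payload
    Flow("198.51.100.8", "203.0.113.11", "SAP", 5000, 2300, 20),    # full session
]

if __name__ == "__main__":
    for host, peers in sorted(peers_talking_to(SAMPLE_FLOWS).items()):
        print(host, sorted(peers))
```

Only the two flows with a completed handshake and substantial traffic in both directions survive, which is the kind of evidence that separates a genuine peer from background scanning noise.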
Conclusion
The discovery of new FIN7 infrastructure highlights the ongoing threat posed by financially motivated threat actors. The responsible disclosure and subsequent suspension of services by Stark Industries demonstrate the importance of collaboration between researchers and organizations in combating cyber threats. Continued vigilance and proactive measures are essential to mitigate the risks associated with such malicious activities in the future.
References
[1] https://securityaffairs.com/167258/cyber-crime/experts-found-infrastructure-fin7.html
[2] https://thehackernews.com/2024/08/researchers-uncover-new-infrastructure.html
[3] https://tecmania.com.br/pesquisadores-descobrem-nova-infraestrutura-vinculada-ao-grupo-de-crimes-ciberneticos-fin7/
[4] https://ezitech.org/blogs/scholars-discover-novel-infrastructure-connected-to-the-fin7-cybercrime-organization/