FIN7 (also known as Sangria Tempest, ATK32, Carbon Spider, Coreid, ELBRUS, G0008, G0046, and GOLD NIAGARA) are a financially-motivated threat group with links to Russia that has been operating since at least 2013, who were previously thought to have been eliminated by the DOJ following a series of high-profile federal convictions.

FIN7 primarily targets US-based retail, hospitality, tech, consulting, financial services, medical equipment, media, transportation, and utilities industries. For more information, read our recent FIN7 research report.

In the webinar, Silent Push Senior Threat Analysts will provide a detailed overview of how – from a single origin point – they executed a variety of platform queries, scans and lookups to uncover 4000+ FIN7 Indicators of Future Attack (IOFAs), and built a traceable behavioral fingerprint of attacker activity by using FIN7’s own TTPs against them.

Active infrastructure discovered includes phishing, spoofing, shell and malware delivery domains and IPs targeting a broad range of big name brands.

The webinar will cover the following topics:

• Organizations and sectors targeted
• Legacy FIN7 attack vectors
• New FIN7 attack vectors
• Overlap with other threat actors
• Current FIN7 infrastructure
• FIN7 threat hunting summary
• Mitigation and prevention

Following the presentation, there will be a 5 minute Q&A session for attendees to gather intelligence specific to their organization.