Webinar: Hunting for FIN7 phishing and malware infrastructure
Details
- Date: Wednesday July 31, 2024, 12pm PST – now on-demand
- Level: Intermediate
- Duration: 40 mins (35 mins + 5 mins Q&A)
Background
FIN7 (also known as Sangria Tempest, ATK32, Carbon Spider, Coreid, ELBRUS, G0008, G0046, and GOLD NIAGARA) are a financially-motivated threat group with links to Russia that has been operating since at least 2013, who were previously thought to have been eliminated by the DOJ following a series of high-profile federal convictions.
FIN7 primarily targets US-based retail, hospitality, tech, consulting, financial services, medical equipment, media, transportation, and utilities industries.
For more information, read our recent FIN7 research report.
Structure
In the webinar, a Senior Threat Analyst will provide a detailed overview of how – from a single origin point – they executed a variety of platform queries, scans and lookups to uncover 4000+ FIN7 Indicators of Future Attack (IOFAs), and built a traceable behavioral fingerprint of attacker activity by using FIN7’s own TTPs against them.
Active infrastructure discovered includes phishing, spoofing, shell and malware delivery domains and IPs targeting a broad range of big name brands.
The webinar will cover the following topics:
- Organizations and sectors targeted
- Legacy FIN7 attack vectors
- New FIN7 attack vectors
- Overlap with other threat actors
- Current FIN7 infrastructure
- FIN7 threat hunting summary
- Mitigation and prevention
Following the presentation, there will be a 5 minute Q&A session for attendees to gather intelligence specific to their organization.
Registration
Due to operational security reasons, we manually approve each individual who requests access to view this webinar. This means you may have to wait up to 24 hours to receive your personal login code. Thank you for your understanding!
