Webinar: Hunting for FIN7 phishing and malware infrastructure

Details

  • Date: Wednesday July 31, 2024, 12pm PST – now on-demand
  • Level: Intermediate
  • Duration: 40 mins (35 mins + 5 mins Q&A)

Background

FIN7 (also known as Sangria Tempest, ATK32, Carbon Spider, Coreid, ELBRUS, G0008, G0046, and GOLD NIAGARA) is a financially motivated threat group with links to Russia that has been operating since at least 2013 and was previously thought to have been eliminated by the DOJ following a series of high-profile federal convictions.

FIN7 primarily targets US-based retail, hospitality, tech, consulting, financial services, medical equipment, media, transportation, and utilities industries.

For more information, read our recent FIN7 research report.

Structure

In the webinar, our team will provide a detailed overview of how – from a single origin point – they executed a variety of platform queries, scans and lookups to uncover 4000+ FIN7 Indicators of Future Attack (IOFAs), and built a traceable behavioral fingerprint of attacker activity by using FIN7’s own TTPs against them.

Active infrastructure discovered includes phishing, spoofing, shell and malware delivery domains and IPs targeting a broad range of big-name brands.

The webinar will cover the following topics:

  1. Organizations and sectors targeted
  2. Legacy FIN7 attack vectors
  3. New FIN7 attack vectors
  4. Overlap with other threat actors
  5. Current FIN7 infrastructure
  6. FIN7 threat hunting summary
  7. Mitigation and prevention

Following the presentation, there will be a 5-minute Q&A session for attendees to gather intelligence specific to their organization.

Registration

For operational security reasons, we manually approve each individual who requests access to view this webinar. This means you may have to wait up to 24 hours to receive your personal login code. Thank you for your understanding!