
Carbanak+FIN7 Evaluation: Overview


Adversary Emulated

Carbanak and FIN7

Launched

2020

Status

Call for Participation

Participants

Call for Participation is open!

Emulation Tools

To Be Announced

ATT&CK Description

Carbanak is a threat group that mainly targets banks. It also refers to malware of the same name (Carbanak). It is sometimes referred to as FIN7, but these appear to be two groups using the same Carbanak malware and are therefore tracked separately. [1][2]

FIN7 is a financially-motivated threat group that has primarily targeted the U.S. retail, restaurant, and hospitality sectors since mid-2015. They often use point-of-sale malware. A portion of FIN7 was run out of a front company called Combi Security. FIN7 is sometimes referred to as Carbanak Group, but these appear to be two groups using the same Carbanak malware and are therefore tracked separately. [2][3][4][5]

Emulation Notes

These groups have a firm reputation for using innovative tradecraft. Efficient espionage and stealth are at the forefront of their strategy, as they often rely heavily on scripting, obfuscation, “hiding in plain sight,” and fully exploiting the users behind the machine while pillaging an environment. They also leverage a unique spectrum of operational utilities, spanning both sophisticated malware and legitimate administration tools capable of interacting with various platforms (Windows and Linux, including point-of-sale specific technologies).

Scenario Overview

Scenario details will be made available after evaluations are complete.

Additional Resources

For more information about Carbanak and FIN7 and references about their targeting and behaviors, check out:

  1. CARBANAK APT THE GREAT BANK ROBBERY
  2. FIN7 Evolution and the Phishing LNK
  3. Behind the CARBANAK Backdoor
  4. FIN7 Spear Phishing Campaign Targets Personnel Involved in SEC Filings
  5. On the Hunt for FIN7: Pursuing an Enigmatic and Evasive Global Criminal Operation
  6. Three Members of Notorious International Cybercrime Group “Fin7” In Custody for Role in Attacking Over 100 U.S. companies
  7. Carbanak cyber-criminals steal $1bn from 100 banks worldwide