Home  >  Carbanak+FIN7
The CARBANAK+FIN7 Call for Participation is open!

Carbanak+FIN7 Emulation

ATT&CK Evaluations 2020
Participate
  • Call For Participation
  • Evaluating
  • Preparing
  • Published
ATT&CK Description

Carbanak  is a threat group that mainly targets banks. It also refers to malware of the same name (Carbanak). It is sometimes referred to as FIN7, but these appear to be two groups using the same Carbanak malware and are therefore tracked separately. [1][2]

FIN7 is a financially-motivated threat group that has primarily targeted the U.S. retail, restaurant, and hospitality sectors since mid-2015. They often use point-of-sale malware. A portion of FIN7 was run out of a front company called Combi Security. [2][3][4][5]

Emulation Notes

These groups carry a firm reputation of utilizing innovative tradecraft. Efficient espionage and stealth are at the forefront of their strategy, as they often rely heavily on scripting, obfuscation, “hiding in plain sight,” and fully exploiting the users behind the machine while pillaging an environment. They also leverage a unique spectrum of operational utilities, spanning both sophisticated malware as well as legitimate administration tools capable of interacting with various platforms (Windows and Linux, including point-of-sale specific technologies).

Scenario Overview

Scenario details will be made available after evaluations are complete.