Russian APT group's attack on US car manufacturer foiled

Researchers this week shared details of an attack campaign by the infamous FIN7 threat group which had targeted a large US-based global automotive manufacturer.

FIN7, a Russian Advanced Persistent Threat (APT) group also known as Carbon Spider, ELBRUS and Sangria Tempest, conducted a spear phishing campaign in late 2023 that was detected and eventually stopped by BlackBerry’s threat and research team. The attackers identified IT employees with high-level administrative rights and lured them with a malicious URL posing as an IP scanning tool. Once employees opened the link, the threat actor executed its Anunak backdoor, allowing it to “gain an initial foothold using local binaries, scripts, and libraries (lolbas),” researchers at BlackBerry said in a blog post detailing the attack.

BlackBerry said its threat and research team detected and stopped the attack before FIN7 was able to launch the ransomware portion of the attack.

In the past, FIN7 has targeted the US retail, hospitality and restaurant sectors, although it is now expanding to the defense, insurance and transportation sectors. BlackBerry researchers believe the threat group is now likely targeting larger entities, under the assumption that they will pay a higher ransom.

BlackBerry did not reveal the name of the targeted automaker.


