Digging Into FIN7’s Latest Tools and Tactics

The FIN7 cybercrime group has been active since at least 2013 and has used a wide range of tactics and tools in that time, including the Carbanak backdoor, the Black Basta ransomware, and, perhaps most notably, the AvNeutralizer tool. AvNeutralizer, as its name might suggest, is designed specifically to tamper with EDR and other security tools, disabling them so that the threat actors can perform other malicious actions without throwing alerts.

In a new research report this week, SentinelOne's Antonio Cocomazzi dug into FIN7's current tactics and discovered a new version of AvNeutralizer that the group has been deploying in some recent intrusions. He also found that the group is selling the tool to other threat actors and sharing an obfuscator with those buyers, as well.