WEBINAR

Hunting for FIN7 Phishing and Malware Infrastructure

July 31st, 2024 at 12pm PT

Summary

FIN7 (also known as Sangria Tempest, ATK32, Carbon Spider, Coreid, ELBRUS, G0008, G0046, and GOLD NIAGARA) is a financially motivated threat group with links to Russia that has been operating since at least 2013. The group was previously thought to have been eliminated by the DOJ following a series of high-profile federal convictions.

FIN7 primarily targets US-based retail, hospitality, tech, consulting, financial services, medical equipment, media, transportation, and utilities industries. For more information, read our recent FIN7 research report.

In the webinar, Silent Push Senior Threat Analysts will provide a detailed overview of how – from a single origin point – they executed a variety of platform queries, scans and lookups to uncover 4000+ FIN7 Indicators of Future Attack (IOFAs), and built a traceable behavioral fingerprint of attacker activity by using FIN7’s own TTPs against them.

Active infrastructure discovered includes phishing, spoofing, shell and malware delivery domains and IPs targeting a broad range of big-name brands.

The webinar will cover the following topics:

    1. Organizations and sectors targeted
    2. Legacy FIN7 attack vectors
    3. New FIN7 attack vectors
    4. Overlap with other threat actors
    5. Current FIN7 infrastructure
    6. FIN7 threat hunting summary
    7. Mitigation and prevention

Following the presentation, there will be a 5-minute Q&A session for attendees to gather intelligence specific to their organization.
