FIN7 group used phishing tactics to target an American automaker

April 19, 2024

The FIN7 threat group has recently run a phishing campaign targeting IT staff at a prominent American automaker. According to the researchers who reported it, the attack began late last year and aimed to plant the Anunak backdoor inside the automaker's network.

The researchers found that FIN7 used targeted spear-phishing, singling out IT staff members who hold high-level privileges. The emails lured recipients to a malicious site impersonating the download page of the legitimate Advanced IP Scanner tool.

The fake site redirected visitors to a Dropbox page hosting a malicious executable named 'WsTaskLoad.exe', disguised as a genuine Advanced IP Scanner installer.

The installer used by FIN7 runs a chain of stages that ultimately deploys the Anunak backdoor.

Once executed, 'WsTaskLoad.exe' kicks off a multi-stage chain: it drops DLL and WAV files, runs shellcode, and finally decrypts and installs the Anunak backdoor payload.

The encrypted payload is stored in a file named 'dmxl.bin'. Anunak is only one of several tools in FIN7's arsenal, alongside Loadout, Griffon, PowerPlant, and Diceloader.

For persistence, the attackers installed OpenSSH and created a scheduled task, but the researchers did not observe any lateral movement in this campaign. They also declined to name the victim, describing it only as a "large multinational automotive manufacturer based in the U.S."
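The two persistence artefacts described above (a scheduled task and an OpenSSH install) and the loader and payload file names from this article are enough to build a simple hunt. The script below is an added example, not code from the article or from the researchers who analysed the campaign. It runs three rules over constructed Windows event records: process-creation events (Sysmon event 1) are checked for the 'WsTaskLoad.exe' name, for a command line referencing 'dmxl.bin', and for executables launched from a user-writable path; scheduled-task creation events (Security event 4698) are checked for an sshd.exe that does not live in a standard OpenSSH install directory, or for any task action in a user-writable directory. The event layout, the task name, the rundll32 command line, the list of "standard" OpenSSH directories and the user-writable markers are all assumptions made for the example.

```python
"""Hunt for the FIN7 persistence pattern in constructed Windows event records (added example)."""
import re
from pathlib import PureWindowsPath

# Indicators taken from the article; everything else in this file is illustrative.
KNOWN_LOADER = "wstaskload.exe"
KNOWN_PAYLOAD_FILE = "dmxl.bin"

# Assumption: where a legitimately installed Windows OpenSSH server normally lives.
LEGIT_SSHD_DIRS = (
    r"c:\windows\system32\openssh",
    r"c:\program files\openssh",
)
# Assumption: directory fragments an ordinary user can write to.
USER_WRITABLE_MARKERS = ("\\appdata\\", "\\temp\\", "\\downloads\\",
                         "\\users\\public\\", "\\programdata\\")
BROWSER_OR_SHELL = ("explorer.exe", "chrome.exe", "msedge.exe", "firefox.exe")


def _norm(path):
    """Strip surrounding quotes and lower-case so comparisons are case-insensitive."""
    return path.strip('"').lower()


def _in_user_writable(path):
    return any(m in _norm(path) for m in USER_WRITABLE_MARKERS)


def _task_command(task_xml):
    """Pull the <Command> element out of the task XML carried by event 4698."""
    m = re.search(r"<Command>(.*?)</Command>", task_xml, re.S)
    return _norm(m.group(1)) if m else None


def check_task_created(ev):
    """Rules for a Security 4698 (scheduled task created) record."""
    findings = []
    cmd = _task_command(ev.get("TaskContent", ""))
    if not cmd:
        return findings
    p = PureWindowsPath(cmd)
    if p.name in ("sshd.exe", "ssh.exe") and str(p.parent) not in LEGIT_SSHD_DIRS:
        findings.append(f"task {ev['TaskName']} runs OpenSSH from a non-standard path: {cmd}")
    if _in_user_writable(cmd):
        findings.append(f"task {ev['TaskName']} runs a binary from a user-writable directory: {cmd}")
    return findings


def check_process_created(ev):
    """Rules for a Sysmon event 1 (process create) record."""
    findings = []
    image = _norm(ev.get("Image", ""))
    cmdline = _norm(ev.get("CommandLine", ""))
    parent = _norm(ev.get("ParentImage", ""))
    if PureWindowsPath(image).name == KNOWN_LOADER:
        findings.append(f"known FIN7 loader name executed: {image}")
    if KNOWN_PAYLOAD_FILE in cmdline:
        findings.append(f"command line references {KNOWN_PAYLOAD_FILE}: {cmdline}")
    if _in_user_writable(image) and PureWindowsPath(parent).name in BROWSER_OR_SHELL:
        findings.append(f"user launched an executable from a user-writable path: {image}")
    return findings


def hunt(events):
    """Dispatch each record to the matching rule set and collect findings."""
    findings = []
    for ev in events:
        if ev.get("EventID") == 4698:
            findings.extend(check_task_created(ev))
        elif ev.get("EventID") == 1 and ev.get("Provider") == "Sysmon":
            findings.extend(check_process_created(ev))
    return findings


# Constructed sample telemetry (not real log data): a user runs the trojanised installer,
# a follow-on stage references the payload file, and a task pointing at a stray sshd.exe is created.
SAMPLE_EVENTS = [
    {"Provider": "Sysmon", "EventID": 1,
     "Image": r"C:\Users\jsmith\Downloads\WsTaskLoad.exe",
     "ParentImage": r"C:\Windows\explorer.exe",
     "CommandLine": r'"C:\Users\jsmith\Downloads\WsTaskLoad.exe"'},
    {"Provider": "Sysmon", "EventID": 1,
     "Image": r"C:\Windows\System32\rundll32.exe",
     "ParentImage": r"C:\Users\jsmith\Downloads\WsTaskLoad.exe",
     "CommandLine": r"rundll32.exe C:\Users\jsmith\AppData\Local\Temp\dmxl.bin,#1"},
    {"Provider": "Microsoft-Windows-Security-Auditing", "EventID": 4698,
     "TaskName": r"\Microsoft\Windows\Maintenance\SshAgent",
     "TaskContent": "<Task><Actions><Exec><Command>C:\\ProgramData\\ssh\\sshd.exe"
                    "</Command></Exec></Actions></Task>"},
    {"Provider": "Microsoft-Windows-Security-Auditing", "EventID": 4698,
     "TaskName": r"\Microsoft\Windows\Defrag\ScheduledDefrag",
     "TaskContent": "<Task><Actions><Exec><Command>C:\\Windows\\System32\\defrag.exe"
                    "</Command></Exec></Actions></Task>"},
]

if __name__ == "__main__":
    for line in hunt(SAMPLE_EVENTS):
        print(line)
```

The benign ScheduledDefrag task produces no finding, while the trojanised installer, the stage referencing 'dmxl.bin' and the sshd.exe task each do; in a real environment the same rules would be fed from a SIEM query over 4698 and Sysmon 1 events rather than an inline list.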

FIN7 has been active since 2013 and in recent years has shifted toward larger organisations, frequently delivering ransomware as the final payload. Experts stress defending against phishing, which has become the primary intrusion vector for many criminal groups, and giving employees the training they need to recognise and avoid such lures.

Enforcing multi-factor authentication (MFA) on all user accounts adds a further barrier, since stolen credentials alone are then not enough to log in. Note that MFA would not have stopped this particular chain, which relied on a privileged user running a trojanised installer rather than on stolen passwords; application allow-listing and blocking executable downloads from file-sharing services address that step.

Finally, the usual basics still matter: strong, unique passwords, promptly patched software, network monitoring for suspicious activity, and effective email filtering together significantly improve an organisation's posture against attackers of this kind.
