FIN7 hacking group sells the AvNeutralizer tool to threat actors

August 1, 2024

The notorious FIN7 hacking group has been selling its “AvNeutralizer” tool, which is designed to bypass security detection by destroying enterprise endpoint protection solutions on targeted corporate networks.

This malicious threat group is a Russian hacking organisation that has been operating for almost a decade. It primarily executes financial fraud campaigns by hacking organisations and stealing debit and credit cards.

However, this group eventually transitioned into the ransomware industry and became associated with the notorious DarkSide and BlackMatter ransomware-as-a-service platforms. These threat actors are most likely connected to the ALPHV ransomware gang, which was recently involved in an exit fraud after taking the UnitedHealth ransom payment.

FIN7 is infamous for using sophisticated phishing and social engineering tactics to acquire initial access to business networks. For example, it has impersonated legitimate companies to distribute malicious USB keys, and it develops its own proprietary malware and tools.

They also established a fictitious security organisation called Bastion Secure to hire pen testers and developers for ransomware attacks without informing the candidates how their work would be used.

FIN7 has started to offer its most prized product to other threat actors.

The FIN7 group’s most well-known malicious tool, AvNeutralizer, also known as AuKill, is now available for purchase by other threat groups. This tool can disable protection software and was first identified by researchers in a cybercriminal campaign executed by the BlackBasta ransomware group in 2022.

Because BlackBasta was the only ransomware organisation using the tool at the time, researchers believed that group had ties with FIN7. However, a separate investigation revealed that five additional ransomware groups utilised the tool in several campaigns, meaning it was already widely distributed before FIN7 recently began selling it to other hackers.

The experts warn that FIN7’s ongoing evolution and improvement in its TTPs and the sale of its software pose a severe threat to organisations worldwide. FIN7’s ongoing innovation, especially its sophisticated methods for avoiding security measures, shows its technical expertise, which can be a significant issue for cybersecurity providers.

The group’s adoption of several aliases and collaboration with other cybercriminal entities complicates attribution and indicates its sophisticated operational techniques.
