Anon Black Flag claims the attack on FinMoney’s website

February 26, 2024

The recently emerged hacking group known as Anon Black Flag has claimed responsibility for a targeted attack on the website of FinMoney, an Indian fintech company.

According to one of our iZOOlogic researchers, the threat actors conducted the alleged attack on finmoney[.]co[.]in on February 23 this year. However, no repercussions were confirmed during the attack, despite the hackers’ immediate claims.

This hacktivist group allegedly formed earlier this year, and our researcher observed that they have already attacked approximately 800 entities worldwide. The group's primary targets are websites and IT infrastructure, and its most commonly used attacks are data leaks, defacement, and distributed denial-of-service (DDoS).

Anon Black Flag released a sample of their stolen information on a dark web platform to prove the legitimacy of their claims.

Our researcher spotted a screenshot that Anon Black Flag posted on a dark web platform. The screenshot displayed the dashboard of the compromised FinMoney website.

The screenshot also displayed a statement in which the actor said that they had successfully broken into the Indian company’s website and acquired its entire database. The statement added that they would share more files as proof of the authenticity of their claims.

One of our researchers also investigated some of the leaked files the attackers boasted about. The leaked files consist of a PDF and three MS Word files covering details such as loans, account information, clients, and joining letters.

Our researcher’s investigation revealed that, apart from the PDF file, the leaked samples are corrupted and inaccessible. The PDF file is the joining letter, which allegedly covers the employment details of the fintech company.

The FinMoney joining letter details the employee’s probation period, working hours, leave, place of employment, and notice period. It also includes the designation of the company’s authorised signatory.

As of now, there is no confirmation from the affected company. Unfortunately, the hacktivist group could still leak more details to increase the legitimacy of their attack and expose more about the alleged stolen database.

Our iZOOlogic researchers will continue to monitor this incident as more details unfold.
