Cybersecurity researchers have discovered new infrastructure linked to the financially motivated threat actor FIN7. The findings indicate that FIN7 has established connections with at least 15 Stark-assigned hosts in Russia and 16 in Estonia over the past 30 days.
The research, conducted by Team Cymru in collaboration with Silent Push and Stark Industries Solutions, found two clusters of potential FIN7 activity. One cluster, linked to Post Ltd (Russia), was observed conducting outbound communications with at least 15 Stark-assigned hosts. The second cluster, linked to SmartApe (Estonia), communicated with no fewer than 16 Stark-assigned hosts.
Further analysis revealed that 12 hosts identified in the Post Ltd cluster were also observed in the SmartApe cluster. Following responsible disclosure, Stark has suspended services for these hosts.
The research highlights the importance of monitoring network metadata for suspicious connections and of reviewing TCP flags and data transfer volumes to assess the nature of those communications (for example, an unanswered connection attempt versus a completed session carrying data). The findings contribute to a better understanding of FIN7's infrastructure and tactics, ultimately informing efforts to combat e-crime.
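One way to put that flow-metadata triage into practice, as an added example that is not part of the original article or the researchers' own tooling: classify NetFlow-style records by their cumulative TCP flags and byte counts, and count how many watchlisted peers each source host reached. The watchlist and flow records below are constructed from documentation address ranges and are not the indicators from the research.

```python
from dataclasses import dataclass

# TCP flag bits as carried in NetFlow/IPFIX "tcpControlBits" (cumulative per flow).
FIN, SYN, RST, PSH, ACK = 0x01, 0x02, 0x04, 0x08, 0x10


@dataclass
class Flow:
    src: str
    dst: str
    dport: int
    flags: int      # OR of all TCP flags seen on the flow
    bytes_out: int  # bytes sent from src to dst


def classify(flow: Flow) -> str:
    """Characterise a flow from its cumulative TCP flags and volume."""
    if flow.flags & SYN and not flow.flags & ACK:
        return "syn-only"        # unanswered attempt: scan, filtered port or dead host
    if flow.flags & RST and not flow.flags & PSH:
        return "reset"           # refused or torn down before any payload moved
    if flow.flags & PSH and flow.bytes_out >= 10_000:
        return "bulk-transfer"   # sustained data exchange: highest priority to review
    if flow.flags & PSH:
        return "session"         # completed exchange carrying some payload
    return "handshake-only"      # three-way handshake but no data pushed


def triage(flows, watchlist):
    """Return (flow, classification) for every flow whose peer is on the watchlist."""
    return [(f, classify(f)) for f in flows if f.dst in watchlist]


def peers_per_source(flows, watchlist):
    """Count distinct watchlisted peers each source host communicated with."""
    peers = {}
    for f in flows:
        if f.dst in watchlist:
            peers.setdefault(f.src, set()).add(f.dst)
    return {src: len(p) for src, p in peers.items()}


# Constructed sample data (documentation ranges); no real indicators are used.
WATCHLIST = {"203.0.113.10", "203.0.113.11"}
SAMPLE = [
    Flow("192.0.2.5", "203.0.113.10", 443, SYN, 60),
    Flow("192.0.2.5", "203.0.113.11", 443, SYN | ACK | PSH | FIN, 48_000),
    Flow("192.0.2.7", "198.51.100.9", 80, SYN | ACK | PSH | FIN, 2_000),
    Flow("192.0.2.9", "203.0.113.10", 8443, SYN | ACK | RST, 120),
]
```

Only the bulk transfer to a watchlisted host warrants immediate escalation; the SYN-only and reset flows still record that the source tried to reach the infrastructure, which is what the peer count captures.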
Source: https://thehackernews.com/2024/08/researchers-uncover-new-infrastructure.html?m=1