Method used in European bank breach ties attack to FIN7 group

FIN7 is known for primarily targeting payment-card and other financial data using the Carbanak backdoor

Members of the cybercriminal group FIN7 could have been behind the network breach at an Eastern European bank last year, a new report by researchers from Bitdefender suggests.

In 2018, the computer network of an unnamed bank was infiltrated via spear phishing, enabling attackers to steal employee credentials as well as other confidential data used for controlling ATM networks.

Having analysed the attack in detail, Bitdefender concluded that the breach began in March 2018 and continued for more than two months. The perpetrators behind the attack used the same techniques that the FIN7 (or Carbanak) group has used in the past.

The incident occurred while security agencies in many countries were taking action against suspected leaders of FIN7, suggesting that FIN7 is a relatively large group and has much more widespread activities than previously thought.

The FIN7 group has been active since 2014, having targeted a large number of companies in various industries, including software, technology, banking, restaurants and government agencies. The group is known for primarily targeting payment-card and other financial data using the Carbanak backdoor. Researchers also believe that FIN7 has ties to Eastern Europe, and that it has likely stolen more than $1 billion from multiple organisations in the past four years.

The attack on the Eastern European bank began on 7 March 2018 with phishing emails. After an employee opened the malicious email, the hackers were able to access multiple systems on the network. They used the Cobalt Strike Beacon malware to infiltrate systems and steal employees' login credentials; eventually, they were able to steal confidential documents with details of banking protocols. The breach ended in May 2018, with the attackers deleting all the evidence from the bank's network.

"They were looking for specific documents related to internal banking procedures, internal applications and how those work," said Liviu Arsene, a senior cybersecurity analyst.

It's still unclear how much money the hackers were able to steal in this particular incident.

In August last year, the US Department of Justice announced that security agencies had arrested some of the alleged leaders of FIN7 from different countries. Despite those arrests, FIN7/Carbanak continued to launch spear-phishing campaigns through 2018 and reportedly targeted about 130 companies, according to Kaspersky Lab.

Andrii Kolpakov, who allegedly worked as the hacking director of the FIN7 group, appeared in a US court for the first time on Monday. Kolpakov is a Ukrainian citizen and was extradited to the US from Spain last year.
