Threat Watch

Fin6 Linked to Volusion Attack

Fin6/Magecart Group 6 (MG6): On Wednesday, October 9th, 2019 it was reported that the cloud hosting website Volusion was the most recent victims from an attack known by the umbrella term Magecart. Originally, no specific group was determined to be behind the attack, but after further analysis by Trend Micro, they believe that this attack was carried out by the threat group Fin6, also known as Magecart Group 6. The group has been in the news more recently for being linked to other financially motivated crimes, including other Magecart attacks. Fin6 has been known in the past to register servers and domains using naming conventions that are similar to their victims’ names, which was seen in this attack. The group is also known to go after high profile, top-tier victims, which would include companies like Volusion due to their size and client base. Finally, Trend Micro was able to link the malware that was being used to previous attacks on British Airways and Newegg, which were attacked by Fin6. The malware seemed to be a new and improved version but still had relevant similarities.


Fin6 has been making the news more recently for a number of different attacks. At this time, there is no reason to believe that the group will slow down, and it is possible that they are already working on their next attack to use their improved skimmer that was seen in this attack.