After apparently lying dormant for some time, the financially motivated cybercrime group FIN8 has made its return. FIN8 threat actors have recently been observed using a new version of the BADHATCH backdoor, which researchers at Gigamon and Trend Micro previously documented in 2019. Multiple variants have been seen since then, but this new version is believed to be the most powerful yet. The latest edition is able to perform screen captures, proxy tunneling, fileless execution, and credential theft. On top of that, BADHATCH uses various techniques to evade detection. This backdoor is believed to have been used during the past year in attacks against retail, chemical and insurance agencies from North to South America and even parts of Europe.
Written by: Nataliia Zdrok, Threat Intelligence Analyst at Binary Defense