After apparently lying dormant for some time, the financially motivated cybercrime group FIN8 have made their return. FIN8 threat actors have been observed recently using a new version of the BADHATCH backdoor, which was previously observed by researchers at Gigamon and Trend Micro in 2019. Multiple variants have been seen since then but with this new version, it is believed to be the most powerful yet. The latest edition is able to perform screen captures, proxy tunneling, fileless execution, and credential theft. On top of that, BADHATCH has various techniques that help it evade detection. This backdoor is believed to have been used during the past year in attacks against retail, chemical and insurance agencies from North to South America and even parts of Europe.
Analyst Notes
Threat groups are continuously updating their tactics and tools to help avoid detection. To best protect themselves, businesses should consider adopting a defense-in-depth strategy to combat attacks. Using the services offered by the Binary Defense Security Operations Center (SOC), companies can have the peace of mind knowing their endpoints are continuously being monitored for any signs of intrusion and attacks are being stopped as soon as they are identified. BitDefender also suggests for organizations to “separate the POS network from the ones used by employees or guests” and filter out emails containing malicious or suspicious attachments.”
Sources: https://www.cyberscoop.com/fin8-financial-hack-bitdefender/
https://thehackernews.com/2021/03/fin8-hackers-return-with-more-powerful.html
