In a recent report, FireEye’s Mandiant publicly announced the identification of a new financially motivated threat group dubbed FIN11. The most notable characteristic of FIN11 is its overlap with activity that other security researcher attribute to the well-known TA505 threat group. Both groups have deployed Cl0p ransomware in the past as well as the downloader FlawedAmmyy. The group that FireEye identifies as FIN11 also uses the Get2 downloader, which FireEye refers to as FRIENDSPEAK and delivers the SDBBot backdoor, which FireEye refers to as MIXLABEL. The TTPs of these attackers are very similar and noted that the potential for misattribution is possible. FIN11 will attempt to take a long-term approach after they choose a target. Even after losing access to a victim they will attempt to regain a foothold with multiple phishing campaigns months after the initial compromise.
Watch the Video
How does Binary Defense help protect your organization? With best in breed cybersecurity tactics, techniques, and services, we make sure that your environment is secure against the most advanced attacks.