Phineas Fisher: One of the most well-known threat actors has released a new manifesto offering to reward hacktivists for their criminal activity. An unidentified threat actor who uses the pseudonym Phineas Fisher has been well-known since 2014 when they stole the internal data from a British-German surveillance vendor called Gamma Group. Along with this attack, the actor has targeted other surveillance companies around the world as well as other entities based on the geopolitical situation at the time of the attacks. In 2016, the actor decided to take a break from being in the spotlight and dealing with the stress that they felt they were under. Now, the actor has resurfaced with a new manifesto talking about how they targeted the Cayman Bank and Trust Company in 2016–detailing how they breached the bank and stole money, then claimed to have given all the stolen money away. In the newest manifesto, Fisher calls on other hacktivists to follow in his footsteps calling hacking a “powerful tool to fight economic inequality.” The stolen documents from the Cayman Bank attack were shared on the Distributed Denial of Secrets website, which is used to share documents anonymously. Because of their interest in hacktivism and desire to encourage others to use hacking to achieve similar goals, the actor has offered to pay other hacktivists upwards of $100,000 in Bitcoin for any attack that steals private documents that could be leaked to expose companies. Fisher gave examples of targets that they would like to be seen being targeted including livestock companies in South America, the Israeli spyware vendor NSO Group, and the oil company Halliburton.
Analyst Notes
The Cayman Bank attack is the fifth attack by Phineas Fisher that they have publicly taken credit for. It is possible that after taking a break, the threat actor decided that they did not want to return to the risks associated with hacking companies, which could explain why they instead wanted to motivate others to steal and expose private information from companies. Calling this a Hacktivist Bug Bounty Program is misleading. Typically, bug bounty programs are used by companies to pay ethical hackers to try to find vulnerabilities or bugs in their network. In this case, a third party is supplying the money to the actors, which is essentially running a hacker-for-hire operation that pays after the job is done. This call to action from this well-known threat actor could motivate many threat actors to target companies, especially if a payment from Phineas Fisher is confirmed. Companies should stay vigilant against threat actors by employing security best practices including defense-in-depth, which includes Endpoint Detection and Response (EDR) sensors to detect attacker behaviors inside a protected network. The actor has done one interview with Vice before, using a puppet and voice actor to portray themselves. Information about this new manifesto was also shared through Vice and more information can be found here: https://www.vice.com/en_au/article/vb5agy/phineas-fisher-offers-dollar100000-bounty-for-hacks-against-banks-and-oil-companies
