FIN7 Hacker Group Leverages Malicious Google Ads to Deliver NetSupport RAT

The financially motivated threat actor known as FIN7 has been observed leveraging malicious Google ads spoofing legitimate brands as a means to deliver MSIX installers that culminate in the deployment of NetSupport RAT. "The threat actors used malicious websites to impersonate well-known brands, including AnyDesk, WinSCP, BlackRock, Asana, Concur, The Wall Street Journal, Workable, and Google Meet," cybersecurity firm eSentire said in a report published earlier this week.

FIN7 (aka Carbon Spider and Sangria Tempest) is a persistent e-crime group that's been active since 2013, initially dabbling in attacks targeting point-of-sale (PoS) devices to steal payment data, before pivoting to breaching large firms via ransomware campaigns. Over the years, the threat actor has refined its tactics and malware arsenal, adopting various custom malware families such as BIRDWATCH, Carbanak, DICELOADER (aka Lizar and Tirion), POWERPLANT, POWERTRASH, and TERMITE, among others.

FIN7 malware is commonly deployed through spear-phishing campaigns as an entry to the target network or host, although in recent months the group has utilized malvertising techniques to initiate the attack chains.

Source:
https://thehackernews.com/2024/05/fin7-hacker-group-leverages-malicious.html