Mandiant Uncovers Threat Actors Known As FIN7

Mandiant research has disclosed a threat actor group known as FIN7, which has leveraged multiple methods of initial and secondary access into victim networks, including phishing, compromising third-party systems, RDP and more, to target software, consulting, cloud services and medical equipment organizations. The activity following FIN7 intrusions, as well as the technical overlaps, suggests that FIN7 actors have been associated with various ransomware operations over time.

Yaron Kassner, CTO and Cofounder of Silverfort, had this comment on the Mandiant research:

“According to Mandiant’s report, FIN7 were using Kerberoasting, a method to break service account passwords. They were also stealing credentials to move laterally with RDP and SSH. These are common methods used in cyber-attacks because they are simple ways to gain access to additional systems and these interfaces aren’t always protected with MFA. Organizations should monitor authentication traffic to detect these techniques. They should also use MFA for human accounts, and virtual fencing for service accounts, to make sure the attacker doesn’t get beyond the initial point of access.”

In addition to MFA, organizations should consider passwordless authentication options. Many vendors either already have these solutions in the marketplace or are bringing them to market in response to threat actors like FIN7.
