Carbanak, also known as Fin7, Anunak, and Carbon Spider, is a threat actor group that has been involved in several attacks against the banking, financial, hospitality and restaurant verticals. This Russian-speaking cybercriminal group is characterized by its persistent targeting and large-scale theft of payment card details from victims’ systems.
What do they target - Fin7, or Carbanak, is a financially motivated threat actor group that primarily targets financial organizations to directly steal and launder money. Although the year of origin is unknown, experts believe that the threat actors evolved from malware campaigns between 2013 and 2015 that used the banking trojans Carberp and Anunak to target financial institutions. Over the past few years, the group has expanded its targets, which include but are not limited to restaurants, hospitality, energy, travel, education, construction, retail, and telecommunications.
How do they operate - The Carbanak cybercriminal gang mainly uses weaponized office documents to target victims. These malicious documents are distributed via spear-phishing emails. Apart from spear phishing, the group also demonstrates a range of capabilities, including using web forms for initial contact and engaging directly with pre-determined store managers.
The group is also known to use a sophisticated malware named Carbanak.
According to RSA, once the attackers gain access to a user system, they start moving laterally throughout the environment “to conduct internal reconnaissance, establish staging points and internal network paths, harvest credentials, and move towards their intended target.”
Some important attacks
As a consequence of these major attacks, the Department of Justice indicted three members of the group in 26 different cases ranging from wire fraud to computer hacking to identity theft.