The FIN6 cybercriminal group has constantly evolved in the past few years. This financially motivated group has been found using a variety of data-stealing malware to expand its operations across the globe. The group is in operation since at least 2015.
Fin6 is primarily involved in stealing payment card details by compromising point-of-sale (PoS) systems in the hospitality and retail sectors. The cards, thus stolen, are later sold for profit on underground marketplaces. Towards the end of 2018, the group was found targeting multiple high-value eCommerce merchants with malicious documents to compromise payment servers.
FIN6 targets organizations that process a significant number of PoS transactions. It typically uses commercial PoS malware to steal payment card data. According to IBM X-Force, the group’s major targets are the retailers in the US and Europe.
For a successful intrusion, the group usually leveraged IT management software to deploy malware. It also abuses Windows Management Instrumentation Command (WMIC) to remotely execute the PowerShell commands and scripts.
Among the other noted activities, the FIN6 TTPs include:
Some of the major attacks of FIN6 threat actor group include:
The bottom line - FIN6 group hackers are constantly acquiring new tricks and techniques to steal login credentials, bypass antivirus systems and quietly steal millions of credit card details. Therefore, it is very necessary for organizations to identify additional security measures to mitigate the threat to both their networks and their valued customers.