Pierluigi Paganini August 29, 2023
FIN8-linked actor targets Citrix NetScaler systems

A financially motivated actor linked to the FIN8 group exploits the CVE-2023-3519 RCE in attacks on Citrix NetScaler systems in massive attacks. Sophos X-Ops is tracking an ongoing campaign, which is targeting Citrix NetScaler systems, conducted by threat actors linked to the FIN8 group [BleepingComputer, SOCRadar]. The hackers are exploiting the remote code execution, tracked […]

Pierluigi Paganini July 18, 2023
FIN8 Group spotted delivering the BlackCat Ransomware

The cybercrime group FIN8 is using a revamped version of the Sardonic backdoor to deliver the BlackCat ransomware. The financially motivated group FIN8 (aka Syssphinx) was spotted using a revamped version of a backdoor tracked as Sardonic to deliver the BlackCat ransomware (aka Noberus ransomware). Sardonic is a sophisticated backdoor that supports a wide range of features that was designed […]

Pierluigi Paganini January 19, 2022
Is White Rabbit ransomware linked to FIN8 financially motivated group?

A new ransomware gang named White Rabbit appeared in the threat landscape, experts believe it is linked to the FIN8 hacking group. A new ransomware gang called ‘White Rabbit’ launched its operations and according to the experts, it is likely linked to the FIN8 financially motivated group. In December the popular malware researcher Michael Gillespie, […]

Pierluigi Paganini August 25, 2021
FIN8 group used a previously undetected Sardonic backdoor in a recent attack

Financially motivated threat actor FIN8 employed a previously undocumented backdoor, tracked as ‘Sardonic,’ in recent attacks. The financially motivated threat actor FIN8 has been observed employing a previously undetected backdoor, dubbed Sardonic, on infected systems. The new backdoor was spotted by researchers from cybersecurity firm Bitdefender, it was discovered while investigating an unsuccessful attack carried […]

Pierluigi Paganini June 12, 2019
FIN8 Hacking Group is back with an improved version of the ShellTea Backdoor

After two years of silence, FIN8 group is back and carried out a new campaign against the hotel-entertainment industry employing the ShellTea/PunchBuggy backdoor. Two years later after the last report, FIN8 group is back and carried out a new campaign against the hotel-entertainment industry using an improved version of the ShellTea/PunchBuggy backdoor. The last time […]