FIN7 is a financially motivated threat group that has been active since 2013. It has targeted the retail, restaurant, and hospitality industries in the United States, often deploying point-of-sale malware to achieve its objectives.
Combi Security, a front company for FIN7, was used to administer part of the organization.
Since 2020, FIN7 has shifted its operations to a big game hunting strategy that includes the use of ransomware such as REvil and its own Ransomware as a Service (RaaS), Darkside.
Although FIN7 seems to be associated with the Carbanak Group, it appears that many groups use Carbanak malware, and they are therefore tracked separately.
When recruiting new members, FIN7 posed as a legitimate firm. The pretense was believable because the group used genuine project management software (such as Atlassian JIRA) to coordinate its destructive operations and handle network intrusions.
Denys Iarmak, a Ukrainian member and “pen tester” for the FIN7 financially-motivated hacking group, was sentenced to five years in prison for breaching victims’ networks and stealing credit card information between November 2016 and November 2018. He was convicted of breaching victims’ networks and stealing credit card information for approximately two years, between November