Ransomware Intrusion Group FIN12 Ramps-Up in Europe
A long-running threat group with a track record of rapid ransomware deployment and healthcare sector victims is ramping up its operations in Europe and APAC, Mandiant has warned.
In a new report detailing the work of FIN12, the threat intelligence firm claimed that the prolific threat group had focused mainly on North American targets since its activities were first recorded in 2018.
Around 85% were from this region, and 20% thus far have been healthcare sector organizations, which many ransomware groups promised to steer clear of during the pandemic.
The bad news for organizations elsewhere in the world is that FIN12 appears to be changing its geographical focus.
“We observed twice as many victim organizations based outside of North America in the first half of 2021 than we observed in 2019 and 2020 combined. Collectively, these organizations have been based in Australia, Colombia, France, Indonesia, Ireland, the Philippines, South Korea, Spain, the United Arab Emirates, and the UK,” explained Mandiant in a blog post.
“This shift could be due to various factors such as FIN12 working with more diverse partners to obtain initial access and increasingly elevated and unwanted attention from the