FIN6 Group Stole Tens of Millions of Credit Card Records from PoS Systems
#1
Yesterday, security researchers from FireEye and iSight Partners revealed a report detailing the previously unknown mode of operation of a criminal group named FIN6.

FireEye says the group surfaced in 2015 and focused only on the theft of financial information, mainly credit card data from organizations in the retail and hospitality sectors.

Researchers explain the group only targeted PoS (Point of Sale) systems and used two well-known malware families that aided their criminal efforts.

All FIN6 attacks started with email spam campaigns that distributed the Grabnew malware, also known as Vawtrak and Neverquest.

Grabnew is a credential-stealing backdoor with form-grabbing capabilities and the ability to inject code into specific Web pages. Grabnew collected login credentials for infected computers and PoS systems and then transmitted this information to the FIN6 group.
"FIN6 used Grabnew and Trinity malware"

The crooks then used this information, together with Grabnew's ability to download and install other malware, to deliver their second threat called Trinity, a malware family for PoS terminals.

Trinity collected vast amounts of data from infected systems, and at regular intervals, it would compress all data as a ZIP file, send it to an intermediary host, from where it was relayed to FIN6's C&C (command and control) servers.

The group would then take all this information and upload it to "card shops" hosted on the Dark Web, where other criminal groups would buy the information and carry out financial fraud operations.

Security researchers added that, in one singular card breach, FIN6 managed to steal data on over 20 million credit cards, which, when sold through its card shops, pocketed the group over $400 million (€355 million).

A visual presentation of FIN6's activities can be viewed in the YouTube video below, and for more details, Softpedia readers can download FireEye and iSight Partners' Follow the Money: Dissecting the Operations of the Cyber Crime Group FIN6 report.