Formally attributed | Active | MITRE G0046

FIN7

FIN7 is a financially-motivated threat group that has been active since 2013. FIN7 has targeted the retail, restaurant, hospitality, software, consulting, financial services, medical equipment, cloud services, media, food and beverage, transportation, pharmaceutical, and utilities industries in the United States. A portion of FIN7 was operated out of a front company called Combi Security and often used point-of-sale malware for targeting efforts. Since 2020, FIN7 shifted operations to big game hunting (BGH), including use of REvil ransomware and their own Ransomware-as-a-Service (RaaS), Darkside. FIN7 may be linked to the Carbanak Group, but multiple threat groups have been observed using Carbanak, leading these groups to be tracked separately.

Attribution signal

Score = mentions × confidence weight, summed across all attributed sources. Higher source diversity increases the score. Thresholds: ≥ 10 High, ≥ 3 Moderate, < 3 Low.
Score: 0.0
Signal strength: None
Mentions: 0
Sources: 0
High conf.: 0
First observed: 2017-05-31
Last active: Active
Origin: Eastern Europe, likely Russia or Ukraine based on indictments (medium confidence)
Aliases: 6
Techniques: 67
Campaigns: 2
Targets: Retail, Restaurant, Hospitality, Financial
Regions: US, EU, AU

Attribution signals

No attribution signals extracted yet — signals populate automatically as articles are processed.