FIN5
Overview
FIN5 is a financially motivated threat group that has targeted personally identifiable information and payment card information. The group has been active since at least 2008 and has targeted the restaurant, gaming, and hotel industries. The group is made up of actors who likely speak Russian.
TTPs — 11 techniques across 9 tactics
Resource Development
- T1588.002 Tool
Execution
Persistence
- T1133 External Remote Services
Stealth
- T1070.004 File Deletion
- T1078 Valid Accounts
Defense Impairment
- T1685.005 Clear Windows Event Logs
Credential Access
- T1110 Brute Force
Discovery
- T1018 Remote System Discovery
Collection
- T1074.001 Local Data Staging
- T1119 Automated Collection
Command and Control
- T1090.002 External Proxy
Tools & malware (6)
Windows Credential Editor · PsExec · FLIPSIDE · pwdump · SDelete · RawPOS
Reporting (3)
- Are you Ready to Respond? (Webinar) — Scavella, T. and Rifki, A.
- Attacking the Hospitality and Gaming Industries: Tracking an Attacker Around the World in 7 Years — Bromiley, M. and Lewis, P.
- Prolific Cybercrime Gang Favors Legit Login Credentials — Higgins, K.