FIN8

Also known as: Syssphinx

Overview

FIN8 is a financially motivated threat group that has been active since at least January 2016 and is known for targeting organizations in the hospitality, retail, entertainment, insurance, technology, chemical, and financial sectors. In June 2021, security researchers detected FIN8 switching from targeting point-of-sale (POS) devices to distributing a number of ransomware variants.

Targets

Entertainment · Hospitality · Retail

Capabilities

  • Custom malware/implant development — ATT&CK: 5 attributed custom malware families

TTPs — 36 techniques across 13 tactics

Resource Development

Initial Access

Execution

Defense Impairment

Credential Access

Lateral Movement

Collection

Command and Control

Tools & malware (11)

Ping · BADHATCH · PUNCHBUGGY · Ragnar Locker · PUNCHTRACK · dsquery · Net · Nltest · Sardonic · PsExec · Impacket

Reporting (3)