FIN8

APT / StateG0061
Techniques (MITRE ATT&CK)36
SourceMITRE ATT&CK
Also known as:Syssphinx

Vexday analysis

FIN8 (também conhecido como Syssphinx) é um grupo de ameaça com motivação financeira ativo pelo menos desde janeiro de 2016, identificado no MITRE ATT&CK como G0061. O grupo tem como alvos organizações nos setores de hotelaria, varejo, entretenimento, seguros, tecnologia, química e financeiro. A partir de junho de 2021, pesquisadores de segurança identificaram uma mudança no foco operacional do grupo, que passou a distribuir variantes de ransomware em substituição ao seu histórico de ataques a dispositivos de ponto de venda (POS). Ao grupo são atribuídas 36 técnicas documentadas no MITRE ATT&CK e 1 CVE de exploração conhecida.

Techniques (MITRE ATT&CK) 36

How the group operates, mapped to the MITRE ATT&CK matrix and organized by the phases of an attack.

Resource development
ToolCode Signing Certificates
Initial access
Spearphishing AttachmentSpearphishing Link
Execution
Windows Management InstrumentationScheduled TaskPowerShellWindows Command ShellMalicious LinkMalicious File
Privilege escalation
Exploitation for Privilege EscalationWindows Management Instrumentation Event Subscription
Credential access
LSASS Memory
Discovery
Internet Connection DiscoveryRemote System DiscoverySystem Owner/User DiscoverySystem Information DiscoveryDomain Trust DiscoverySecurity Software Discovery
Lateral movement
Remote Desktop ProtocolSMB/Windows Admin Shares
Collection
Remote Data StagingArchive via Utility
Command and control
Web ProtocolsWeb ServiceIngress Tool TransferAsymmetric Cryptography
Exfiltration
Exfiltration Over Unencrypted Non-C2 Protocol
Impact
Data Encrypted for Impact
defense-impairment
Modify RegistryClear Windows Event Logs
stealth
Command ObfuscationAsynchronous Procedure CallFile DeletionValid AccountsToken Impersonation/Theft

Exploited vulnerabilities 1

CVEs this group is known to exploit, per MITRE ATT&CK. Ordered by real-world severity.

CVE-2016-0167HIGHEPSS 6%KEV

FIN8 uses real techniques and exploits real flaws. TrueHacking's AI Autonomous Pentest simulates these attacks against your infrastructure and brings more security to your application.

Explore the AI Autonomous Pentest →