FIN6 Cybergang Stole Tens of Millions of Credit Cards From PoS Systems
Security researchers from FireEye and iSIGHT Partners have published a report describing the previously undocumented mode of operation of a cybercrime group they track as FIN6.
FireEye says it first observed the group in 2015 and that FIN6 focuses exclusively on stealing financial data, specifically payment card data from organizations in the retail and hospitality sectors.
More precisely, the researchers note that the group targets Point of Sale (PoS) systems and relies on two well-known malware families to support its criminal operations.
According to the researchers, FIN6's attacks began with spam email campaigns that delivered the Grabnew malware, also known as Vawtrak and Neverquest.
Grabnew is a credential-stealing backdoor with form-grabbing capabilities and the ability to inject code into individual web pages. On the infected machines it harvested login credentials, including credentials for the PoS systems, and relayed them to the FIN6 group.
FIN6 then combined these credentials with Grabnew's ability to download and install additional malware to deploy its second payload, Trinity, a malware family that targets PoS terminals.
Trinity harvested large volumes of payment card data from the infected systems. At regular intervals it compressed the collected data into a ZIP file and sent it to an intermediary host, from which it was forwarded to FIN6's command-and-control (C&C) servers.
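The exfiltration pattern described above (a PoS host pushing ZIP payloads to one staging host on a fixed schedule) is something a defender can hunt for in outbound proxy logs. The following is an added example written for this article, not code from FireEye's report or from the malware itself. It assumes a simplified proxy log format, a PoS VLAN of 10.20.1.0/24 and an allowlist of legitimate business destinations; the log lines and hostnames are constructed for the example.

```python
"""Flag PoS hosts that upload ZIP payloads to a non-allowlisted destination
at regular intervals. Added example for this article; the log format,
subnet and allowlist below are assumptions, and the sample log is constructed."""
import re
from collections import defaultdict
from datetime import datetime
from statistics import mean, pstdev

# Assumed proxy log format: "<ISO time> <src ip> <method> <dst host> <bytes sent> <content-type>"
LINE_RE = re.compile(r"^(\S+) (\S+) (\S+) (\S+) (\d+) (\S+)$")

# Constructed sample: 10.20.1.15 posts a ZIP every 15 minutes to one staging host,
# while 10.20.1.16 only talks to approved business destinations.
SAMPLE_LOG = """\
2016-04-05T01:00:02 10.20.1.15 POST files.example-staging.net 48213 application/zip
2016-04-05T01:15:01 10.20.1.15 POST files.example-staging.net 51077 application/zip
2016-04-05T01:30:03 10.20.1.15 POST files.example-staging.net 47980 application/zip
2016-04-05T01:45:02 10.20.1.15 POST files.example-staging.net 50410 application/zip
2016-04-05T01:03:44 10.20.1.16 GET updates.pos-vendor.example 0 text/html
2016-04-05T01:20:10 10.20.1.16 POST payments.acquirer.example 1200 application/json
2016-04-05T01:41:55 10.20.1.16 POST payments.acquirer.example 1180 application/json
"""

POS_SUBNET_PREFIX = "10.20.1."  # assumed PoS VLAN
ALLOWLIST = {"payments.acquirer.example", "updates.pos-vendor.example"}  # assumed approved hosts


def parse(log_text):
    """Parse log lines into (timestamp, src, method, dst, bytes, content_type) tuples."""
    events = []
    for line in log_text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue  # skip malformed lines rather than abort the hunt
        ts, src, method, dst, nbytes, ctype = m.groups()
        events.append((datetime.fromisoformat(ts), src, method, dst, int(nbytes), ctype))
    return events


def find_periodic_zip_uploads(events, min_uploads=3, max_jitter_s=120):
    """Return one alert per (src, dst) pair where a PoS host POSTs ZIP content
    to a non-allowlisted host at least min_uploads times with a near-constant
    interval (population std-dev of the gaps at most max_jitter_s seconds)."""
    by_pair = defaultdict(list)
    for ts, src, method, dst, _nbytes, ctype in events:
        if not src.startswith(POS_SUBNET_PREFIX) or dst in ALLOWLIST:
            continue
        if method != "POST" or ctype != "application/zip":
            continue
        by_pair[(src, dst)].append(ts)

    alerts = []
    for (src, dst), times in by_pair.items():
        times.sort()
        if len(times) < min_uploads:
            continue
        gaps = [(b - a).total_seconds() for a, b in zip(times, times[1:])]
        if pstdev(gaps) <= max_jitter_s:
            alerts.append({"src": src, "dst": dst, "uploads": len(times),
                           "interval_s": round(mean(gaps))})
    return alerts


if __name__ == "__main__":
    for alert in find_periodic_zip_uploads(parse(SAMPLE_LOG)):
        print(f"{alert['src']} -> {alert['dst']}: {alert['uploads']} ZIP uploads "
              f"every ~{alert['interval_s']}s")
```

The check deliberately keys on three things the article attributes to Trinity at once (a PoS source, compressed content and a regular cadence) rather than on any single indicator, since a ZIP upload or a periodic connection on its own is common in legitimate traffic. In practice the allowlist would come from the merchant's known acquirer and vendor endpoints, and the jitter threshold would be tuned against a baseline of the PoS segment.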
The group then uploaded the stolen card data to "card shops" hosted on the Dark Web, where other criminal groups purchased it and used it to carry out financial fraud.
The researchers add that in a single card-data breach, FIN6 obtained data on roughly 20 million payment cards, which it advertised through its card shops, netting the group over $400 million (€355 million).
The report concludes: "The story of FIN6 shows how real-world threat actors operate. Providing a glimpse not only into the technical details of the compromise, but also into the human factor as well; namely, the interactions between the different criminals or criminal groups, and how it is not just data being bartered or sold in the underground, but also tools, credentials, and access."