← All Threat Actors
Threat Actor Profile

FIN8

ATK113 G0061 Syssphinx
▲ High Threat
FIN8 is a financially motivated group targeting the retail, hospitality and entertainment industries. The actor had previously conducted several tailored spearphishing campaigns using the downloader PUNCHBUGGY and POS malware PUNCHTRACK.
Origin

Target Sectors

Entertainment Hospitality Retail

Known TTPs

Valid Accounts
Exfiltration Over Unencrypted Non-C2 Protocol
System Owner/User Discovery
Security Software Discovery
Remote Desktop Protocol
LSASS Memory
Tool
Malicious File
Code Signing Certificates
Exploitation for Privilege Escalation
Windows Management Instrumentation Event Subscription
Spearphishing Link
Scheduled Task
Malicious Link
Web Service
Command Obfuscation
File Deletion
Spearphishing Attachment
Web Protocols
SMB/Windows Admin Shares
Clear Windows Event Logs
Archive via Utility
Remote Data Staging
Ingress Tool Transfer
System Information Discovery
PowerShell
Windows Command Shell
Asymmetric Cryptography
Asynchronous Procedure Call
Remote System Discovery
Data Encrypted for Impact
Domain Trust Discovery
Modify Registry
Token Impersonation/Theft
Internet Connection Discovery
Windows Management Instrumentation

External Resources

CISA Advisories ↗

Related Intelligence

Hacking the mainframe…

LINK COPIED TO CLIPBOARD