Fin8 Group is Back in Business with Improved BADHATCH Kit
Bitdefender researchers have uncovered new versions of the BADHATCH backdoor used by the FIN8 threat actor to compromise companies in insurance, retail, technology, and chemical industries in the United States, Canada, South Africa, Puerto Rico, Panama, and Italy.
This new research describes the technical capabilities of a constantly evolving threat actor and outlines the differences between the three BADHATCH versions.
Like most persistent and skilled cyber-crime actors, FIN8 operators are constantly refining their tools and tactics to avoid detection. Bitdefender recommends that merchants take the following actions to minimize the impact of financial malware:
- Separate the POS network from the ones used by employees or guests.
- Introduce cybersecurity awareness training for employees to help them spot phishing e-mails.
- Tune the e-mail security solution to automatically discard malicious or suspicious attachments.
- Integrate threat intelligence into existing SIEM or security controls for relevant Indicators of Compromise.
- Small and medium organizations without a dedicated security team should consider outsourcing security operations to Managed Detection and Response providers.
Indicators of Compromise
An up-to-date and complete list of indicators of compromise is available to Bitdefender Advanced Threat Intelligence users. The currently known indicators of compromise can be found in the whitepaper below.