Threat Actor Collective Fin11 Has Shifted to Financial Crimes

Twitter hackers began with tech support scam, FinFisher offices raided, Zoom to offer end-to-end encryption, Google and Intel warn of Bleeding Tooth Flaw in Linux, Trickbot network is still alive

(Check out our special report this morning on the New York Post’s article and the prospect of late-game cyberattacks and disinformation campaigns.)

A financially motivated threat actor collective called Fin11, known for its malware distribution campaigns has shifted focus to financial crimes including ransomware and extortion, researchers at FireEye’s Mandiant report. The gang has been involved in cybercrime activities since 2016 and has a significant overlap in TTPs (tactics, techniques, and procedures) with another threat group that cybersecurity researchers call TA505, which is behind the infamous Dridex banking Trojan and Locky ransomware. (Ravie Lakshmanan / The Hacker News)

Related: The Drum, Threat Research Blog, Cyberscoop, The Hacker News, CSO Online, Threatpost, SecurityWeek, SC Magazine,  Bleeping Computer, ZDNet