SentinelOne researchers warn that the financially motivated group FIN7 is using various pseudonyms to promote a security evasion tool on several criminal underground forums. FIN7 created a tool called AvNeutralizer (also known as AuKill) that can circumvent security measures. The researchers discovered that the tool was employed by multiple ransomware operations, including AvosLocker, MedusaLocker, BlackCat, Trigona, and LockBit.
The researchers identified a new version of AvNeutralizer that uses a novel way to interfere with and bypass security mechanisms, exploiting the Windows driver ProcLaunchMon.sys.
“New evidence shows FIN7 is using multiple pseudonyms to mask the group’s true identity and sustain its criminal operations in the underground market,” the researchers explained. “FIN7’s campaigns demonstrate the group’s adoption of automated SQL injection attacks for exploiting public-facing applications.”
In November of last year, SentinelOne reported a potential link between FIN7 and the use of EDR evasion tools in ransomware attacks involving the Black Basta group.
[…]
Content was cut in order to protect the source. Please visit the source for the rest of the article.
This article has been indexed from CySecurity News – Latest Information Security and Hacking Incidents