New FIN7-linked infrastructure detailed


More than two dozen IP addresses assigned to Stark Industries Solutions have been leveraged by Russian hacking group FIN7 for domains used in its operations, reports Security Affairs.

These addresses, which may have been hosted through Stark infrastructure obtained from resellers, were immediately disrupted in coordination with Stark and led to the identification of a pair of activity clusters containing IP addresses assigned to Russia-based Post Ltd and Estonia-based Smart Ape, according to a joint report from Team Cymru, Stark, and Silent Push researchers. The report noted that four IP addresses linked to Post Ltd had been in communication with 15 Stark-assigned hosts, including 86.104.72.16, which was also among the 16 hosts contacted by the three Smart Ape-assigned IP addresses. The Post Ltd and Smart Ape clusters also shared 12 other hosts. "In addition to the 19 hosts identified in the two clusters described above, insights from Stark’s security team led to the discovery of a further six hosts, which we assess to be connected to the same activity," said the report.
