More than two dozen IP addresses assigned to Stark Industries Solutions have been leveraged by Russian hacking group FIN7 for domains used in its operations, reports Security Affairs.
Such addresses, which may have been hosted through Stark infrastructure obtained from resellers, were immediately disrupted in coordination with Stark, and resulted in the identification of a pair of activity clusters containing IP addresses assigned to Russia-based Post Ltd and Estonia-based Smart Ape, according to a joint report from Team Cymru, Stark, and Silent Push researchers. The report noted that four IP addresses linked to Post Ltd had been in communication with 15 Stark-assigned hosts, including 86.104.72.16, which was also among the 16 hosts that were communicated with by the three Smart Ape-assigned IP addresses. Moreover, both Post Ltd and Smart Ape clusters shared 12 other hosts. "In addition to the 19 hosts identified in the two clusters described above, insights from Stark’s security team led to the discovery of a further six hosts, which we assess to be connected to the same activity," said the report.