1 min read

Fin8 Group is Back in Business with Improved BADHATCH Kit

Ad One product to protect all your devices, without slowing them down.
Free 90-day trial
Fin8 Group is Back in Business with Improved BADHATCH Kit

Bitdefender researchers have uncovered new versions of the BADHATCH backdoor used by the FIN8 threat actor to compromise companies in insurance, retail, technology, and chemical industries in the United States, Canada, South Africa, Puerto Rico, Panama, and Italy.

This new research describes the technical capabilities of a constantly-evolving threat actor and outlines the differences between the three BADHATCH versions.

Recommendations

Like most persistent and skilled cyber-crime actors, FIN8 operators are constantly refining their tools and tactics to avoid detection. Bitdefender recommends that merchants take the following actions to minimize the impact of financial malware:

  • Separate the POS network from the ones used by employees or guests
    Introduce cybersecurity awareness training for employees to help them spot phishing e-mails.
  • Integrate threat intelligence into existing SIEM or security controls for relevant Indicators of Compromise.
  • Small and medium organizations without a dedicated security team should consider outsourcing security operations to Managed Detection and Response providers.

Indicators of Compromise

An up-to-date and complete list of indicators of compromise is available to Bitdefender Advanced Threat Intelligence users. The currently known indicators of compromise can be found in the whitepaper below.

Download the research whitepaper

tags


Author



Right now

Top posts

BackdoorDiplomacy Wields New Tools in Fresh Middle East Campaign

BackdoorDiplomacy Wields New Tools in Fresh Middle East Campaign

December 06, 2022

1 min read
Side-Loading OneDrive for profit – Cryptojacking campaign detected in the wild

Side-Loading OneDrive for profit – Cryptojacking campaign detected in the wild

October 05, 2022

1 min read
A Red Team Perspective on the Device42 Asset Management Appliance

A Red Team Perspective on the Device42 Asset Management Appliance

August 10, 2022

1 min read
Vulnerabilities Identified in Wyze Cam IoT Device

Vulnerabilities Identified in Wyze Cam IoT Device

March 29, 2022

1 min read
New FluBot and TeaBot Global Malware Campaigns Discovered

New FluBot and TeaBot Global Malware Campaigns Discovered

January 26, 2022

10 min read
Bitdefender Honeypots Signal Active Log4Shell 0-Day Attacks Underway; Patch Immediately

Bitdefender Honeypots Signal Active Log4Shell 0-Day Attacks Underway; Patch Immediately

December 10, 2021

2 min read

FOLLOW US ON

SOCIAL MEDIA


You might also like

EyeSpy - Iranian Spyware Delivered in VPN Installers EyeSpy - Iranian Spyware Delivered in VPN Installers
Janos Gergo SZELESBogdan BOTEZATU
2 min read
Bitdefender Partnership with Law Enforcement Yields MegaCortex Decryptor Bitdefender Partnership with Law Enforcement Yields MegaCortex Decryptor
Bitdefender

January 05, 2023

1 min read
BackdoorDiplomacy Wields New Tools in Fresh Middle East Campaign BackdoorDiplomacy Wields New Tools in Fresh Middle East Campaign
Adrian SCHIPORVictor VRABIE
1 min read