The ICEBRG Blog

Footprints of FIN7: Tracking Actor Patterns (Part 2)

By: Justin Warner, Stephen Hinck
Tags: FIN7, Threat Research

This is part two of a blog series detailing ICEBRG’s engagements with FIN7 throughout early 2017. Part one of this series focused on the network communications and tradecraft involved with FIN7, specifically addressing how patterns in the C2 protocol allowed ICEBRG to gain a deeper understanding of adversary TTPs. In this post, we will break out one of the ways in which FIN7 profits from its victims: compromise of point-of-sale (POS) environments and theft of cardholder data.

Footprints of FIN7: Tracking Actor Patterns (Part 1)

By: Justin Warner, Stephen Hinck
Tags: FIN7, Threat Research

The 2017 Verizon DBIR Report states that 73% of breaches in 2016 were financially motivated and spanned a number of different industries and financial targets. Since 2015, a financially motivated threat group known as FIN7 (also referred to as the Carbanak Group) has emerged from the shadows and has been highlighted in a number of different incidents. This group is a moderately sophisticated and persistent adversary that has targeted various industries.

We are ICEBRG

By: William Peteroy
Tags: about icebrg

Welcome to the ICEBRG blog, where you can find the latest news and information on what we’re working on and what we’re excited about. To start things off, we wanted to provide a brief introduction of who we are and why we do what we do.