Analysis & Insights

Media and Entertainment

FIN8 Targets Hospitality Sector with Improved Backdoor

11 - 18 June 2019

The FIN8 cybercriminal group has embarked on a new campaign targeting the hospitality sector

The FIN8 cybercriminal group has embarked on a new campaign targeting the hospitality sector with its custom backdoor, which is used to deliver point-of-sale (PoS) malware. The backdoor, known as ShellTea or PunchBuggy, contains various evasion and persistence features and is distributed through phishing emails. The attack chain starts with a fileless dropper that uses PowerShell code executed from registry keys and leads to ShellTea. ShellTea is then injected into Explorer to establish communication with its C2 over HTTPS. Using the backdoor, the attacker can issue commands, execute code and upload or download additional payloads, including PoS malware, on the target system.
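For defenders, the three observable stages described above (script content stored in the registry, code injection into Explorer, Explorer talking HTTPS) can be correlated per host in endpoint telemetry. The following is an added example, not part of the original brief or of any vendor's detection content; it assumes simplified Sysmon-style events (IDs 13, 8 and 3) with hypothetical field names, heuristic script markers and constructed sample data.

```python
import re

# Heuristic markers of script text stored in a registry value (assumption; tune locally).
PS_MARKERS = re.compile(r"powershell|frombase64string|\biex\b|-enc", re.I)

# Stages in the order the brief describes them.
ORDER = ["registry_script", "explorer_injection", "explorer_https"]

def stage_of(ev):
    """Map one simplified Sysmon-style event to a stage of the chain, or None."""
    eid = ev["id"]
    if eid == 13 and PS_MARKERS.search(ev.get("details", "")):
        return "registry_script"        # ID 13: registry value set, data looks like script
    if eid == 8 and ev["target"].lower().endswith("explorer.exe"):
        return "explorer_injection"     # ID 8: remote thread created inside Explorer
    if (eid == 3 and ev["image"].lower().endswith("explorer.exe")
            and ev["dport"] == 443):
        return "explorer_https"         # ID 3: Explorer opens an outbound HTTPS connection
    return None

def hosts_matching_chain(events):
    """Return hosts on which all three stages occur in chain order (by timestamp)."""
    progress = {}                       # host -> index of the next expected stage
    for ev in sorted(events, key=lambda e: e["ts"]):
        nxt = progress.get(ev["host"], 0)
        if nxt < len(ORDER) and stage_of(ev) == ORDER[nxt]:
            progress[ev["host"]] = nxt + 1
    return sorted(h for h, n in progress.items() if n == len(ORDER))

# Constructed sample events (not real telemetry).
SAMPLE = [
    {"ts": 1, "host": "pos-01", "id": 13, "details": "powershell -enc <constructed>"},
    {"ts": 2, "host": "pos-01", "id": 8, "target": r"C:\Windows\explorer.exe"},
    {"ts": 3, "host": "pos-01", "id": 3, "image": r"C:\Windows\explorer.exe", "dport": 443},
    # Explorer HTTPS alone, with no earlier stages, must not match.
    {"ts": 1, "host": "desk-07", "id": 3, "image": r"C:\Windows\explorer.exe", "dport": 443},
    {"ts": 2, "host": "desk-07", "id": 13, "details": "DWORD (0x00000001)"},
]

if __name__ == "__main__":
    print(hosts_matching_chain(SAMPLE))
```

Requiring the stages in order keeps ordinary Explorer network activity from matching on its own; only the full sequence on one host is reported.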

 

References:

Security Alert: FIN8 is Back in Business, Targeting the Hospitality Industry
