Media and Entertainment

FIN8 Targets Hospitality Sector with Improved Backdoor

11 - 18 June 2019

The FIN8 cybercriminal group has embarked on a new campaign targeting the hospitality sector with its custom backdoor, which is used to deliver point-of-sale (PoS) malware. The backdoor, known as ShellTea or PunchBuggy, contains various evasion and persistence features and is distributed through phishing emails. The attack chain starts with a fileless dropper that uses PowerShell code executed from registry keys and leads to ShellTea. ShellTea is then injected into Explorer to establish communication with its C2 over HTTPS. Using the backdoor, the attacker can issue commands, execute code and upload or download additional payloads, including PoS malware, on the target system.

 

References:

Security Alert: FIN8 is Back in Business, Targeting the Hospitality Industry
