FIN8 Targets Hospitality Sector with Improved Backdoor
The FIN8 cybercriminal group has embarked on a new campaign targeting the hospitality sector with its custom backdoor, which is used for delivering point-of-sale (PoS) malware. The backdoor, known as ShellTea or PunchBuggy, contains various evasion and persistence features and is distributed through phishing emails. The attack chain starts with a fileless dropper that uses PowerShell code executed from registry keys and leads to ShellTea. ShellTea is then injected into Explorer to establish communication with its C2 over HTTPS. Using the backdoor, the attacker can issue commands, execute code and upload or download additional payloads, including PoS malware, on the target system.