skip to Main Content

Cybercrime, FIN7 and RYUK groups are cooperating

Truesec cybersecurity experts: FIN7 and the RYUK cybercrime groups are cooperating. Maybe the first one sold its TTPs to the ransomware gang, probably they are closely affiliated and may be part of the same network

FIN7 and the RYUK (aka WIZARD SPIDER and FIN6) cybercrime groups are cooperating. It has been discovered by Truesec cybersecurity experts. Last summer researchers observed an attacker that used the tools and techniques of FIN7, including the CARBANAK RAT, to take over the network of an enterprise. In a subsequent attack almost six weeks later this foothold was used to deploy the RYUK ransomware on the victim network.  The aggression marks the first instance of the combination of FIN7 tools and the RYUK ransomware, indicating a change in pattern for FIN7 attacks. Up until now the APT has not been associated with ransomware attacks. This also suggests a closer collaboration between the two gangs. It is possible the first group simply sold the access to the second, but it is probable that both are more closely affiliated and may be part of the same organized crime network.

Back To Top