FIN10

Description

(FireEye) FireEye has observed multiple targeted intrusions occurring in North America — predominately in Canada — dating back to at least 2013 and continuing through at least 2016, in which the attacker(s) have compromised organizations’ networks and sought to monetize this illicit access by exfiltrating sensitive data and extorting victim organizations. In some cases, when the extortion demand was not met, the attacker(s) destroyed production Windows systems by deleting critical operating system files and then shutting down the impacted systems. Based on near parallel TTPs used by the attacker(s) across these targeted intrusions, we believe these clusters of activity are linked to a single, previously unobserved actor or group that we have dubbed FIN10.

Names

Name	Name-Giver
FIN10	FireEye

Country

Unknown

Motivation

Financial crime

First Seen

2016

Observed Sectors

Observed Countries

Canada
USA

Tools

Information

https://www2.fireeye.com/rs/848-DID-242/images/rpt-fin10.pdf

Mitre Attack

https://attack.mitre.org/groups/G0051/

Other Information

Uuid

32e3ffa7-e053-4841-a072-7f314eb1637c

Last Card Change

2020-04-22

Threat Intelligence Garden

Explorer

FIN10

FIN10

Description

Names

Country

Motivation

First Seen

Observed Sectors

Observed Countries

Tools

Information

Mitre Attack

Other Information

Uuid

Last Card Change

Graph View

Table of Contents

Backlinks