Exposing FIN7: The Dark Secrets of an international Hacker syndicate

How legal resellers unwittingly help hide the tracks of cybercriminals.

Cybersecurity researchers have discovered new digital infrastructure linked to the financially motivated cybercriminal group known as FIN7. The conclusion comes from a joint investigation conducted by Team Cymru, Silent Push and Stark Industries Solutions.

The study identified two threat clusters that indicate FIN7 activity. The first cluster is linked to IP addresses belonging to Post Ltd, a company allegedly located in Russia. The second cluster consists of IP addresses assigned to SmartApe in Estonia. Both clusters show incoming connections to the infrastructure believed to be used by FIN7.

These findings build on an earlier Silent Push report, which identified several IP addresses used exclusively to host FIN7 infrastructure. According to the latest data, the hosts associated with this group were probably purchased through one of Stark Industries' resellers.

Using reseller services is a common practice in the hosting industry, and large VPS providers commonly offer them. Buyers who purchase infrastructure through a reseller must still comply with the terms of use set by the parent company.

Team Cymru specialists also identified additional IP addresses associated with FIN7 activity: four owned by Post Ltd and three owned by SmartApe. The first cluster showed active outgoing connections to 15 hosts previously detected by Silent Push. The second cluster, from Estonia, was seen communicating with 16 new hosts.

Notably, 12 hosts associated with the Post Ltd cluster were also detected in the SmartApe cluster. Service to these hosts was suspended after the information was disclosed to Stark Industries. Analysis of network metadata, specifically the TCP flags observed and the volume of data transferred, confirms that these connections were actually established rather than merely attempted.
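The flow-metadata check described above, of deciding from TCP flags and byte counts whether a connection was genuinely established or was only a scan or refused attempt, can be reproduced on exported flow records. The following is an added example written for this page; it is not code from Team Cymru, Silent Push or Stark Industries. The flow records, the watchlist of destination addresses and the `min_payload` threshold are all constructed for illustration (the IPs are RFC 5737 documentation ranges), and the `Flow` layout assumes a cumulative-flag string in the NetFlow/Argus style (`S`=SYN, `A`=ACK, `P`=PSH, `F`=FIN, `R`=RST).

```python
"""Flow-metadata triage: separate established TCP sessions from probes.

Added example, not from the report or the teams named in it. Flow records,
watchlist and thresholds are constructed; IPs come from RFC 5737 test ranges.
"""
from dataclasses import dataclass

# Cumulative flag letters as exported by NetFlow/Argus-style collectors.
FLAG_CHARS = {"S": "SYN", "A": "ACK", "P": "PSH", "F": "FIN", "R": "RST", "U": "URG"}


@dataclass(frozen=True)
class Flow:
    src: str
    dst: str
    dport: int
    flags: str       # cumulative flags seen on the flow, e.g. "SAPF"
    bytes_out: int   # bytes from src to dst
    bytes_in: int    # bytes from dst to src


def parse_flags(flag_str: str) -> set:
    """Expand a cumulative flag string such as 'SAP' into {'SYN', 'ACK', 'PSH'}."""
    letters = set(flag_str.upper())
    unknown = letters - set(FLAG_CHARS)
    if unknown:
        raise ValueError(f"unknown flag letters: {sorted(unknown)}")
    return {FLAG_CHARS[c] for c in letters}


def is_established(flow: Flow, min_payload: int = 200) -> bool:
    """Treat a flow as an established session only if the handshake completed
    (both SYN and ACK seen), it was not reset before any data moved, and
    application payload flowed in both directions. A lone SYN, a SYN/RST
    pair, or a bare handshake is a probe or refused connection, not a session.
    min_payload is a constructed per-direction threshold above header-only traffic."""
    flags = parse_flags(flow.flags)
    if not {"SYN", "ACK"} <= flags:
        return False
    if "RST" in flags and flow.bytes_out < min_payload and flow.bytes_in < min_payload:
        return False  # reset before either side sent real data
    return flow.bytes_out >= min_payload and flow.bytes_in >= min_payload


def established_to_watchlist(flows, watchlist):
    """Return sorted (src, dst, dport, total_bytes) tuples for established flows
    whose destination is on the watchlist; probes against the watchlist are dropped."""
    hits = []
    for f in flows:
        if f.dst in watchlist and is_established(f):
            hits.append((f.src, f.dst, f.dport, f.bytes_out + f.bytes_in))
    return sorted(hits)


# Constructed watchlist standing in for published FIN7 hosts (placeholder values).
WATCHLIST = {"203.0.113.10", "203.0.113.11"}

# Constructed sample flows covering the cases an analyst must tell apart.
SAMPLE_FLOWS = [
    Flow("198.51.100.5", "203.0.113.10", 443, "SAPF", 1450, 8200),   # full session
    Flow("198.51.100.5", "203.0.113.11", 443, "S", 60, 0),           # unanswered SYN
    Flow("198.51.100.6", "203.0.113.10", 8443, "SR", 60, 40),        # refused (RST)
    Flow("198.51.100.7", "203.0.113.10", 80, "SA", 120, 60),         # handshake only
    Flow("198.51.100.8", "192.0.2.9", 443, "SAPF", 2000, 5000),      # real session, not on watchlist
]

if __name__ == "__main__":
    for hit in established_to_watchlist(SAMPLE_FLOWS, WATCHLIST):
        print(hit)
```

Run against the constructed records, only the first flow survives: the unanswered SYN, the RST-refused attempt and the bare handshake to watchlisted hosts are all discarded, which is the distinction the investigators draw when they say the connections were confirmed as established rather than merely attempted.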

Effectively countering cybercrime requires close cooperation between experts and organizations in different countries. Data sharing and joint investigations allow investigators to identify complex attack patterns quickly and respond to new threats in a timely manner, despite attackers' attempts to hide their activity behind a variety of IP addresses and intermediary companies.
