Russian APT Group Thwarted in Attack on US Automotive Manufacturer

The group gained access to the victim network by duping IT employees with high administrative-access privileges.

Dark Reading Staff, Dark Reading

April 18, 2024

1 Min Read
Steering wheel and dashboard of a car traveling on a bridge
Source: Scharfsinn via Alamy Stock Photo

Researchers this week shared details of an attack campaign by the infamous FIN7 threat group that targeted a large US-based global automotive manufacturer.

FIN7, a Russian advanced persistent threat (APT) group, also known as Carbon Spider, ELBRUS, and Sangria Tempest, conducted a spear-phishing campaign in late 2023 that was spotted and ultimately halted by BlackBerry's threat and research team. The attackers identified IT employees with high admin-level rights and lured them in by impersonating an IP scanning tool with a malicious URL. Once the employees opened the link, the threat actor ran its Anunak backdoor, allowing them to "gain an initial foothold utilizing living off the land binaries, scripts, and libraries (lolbas)," BlackBerry researchers said in blog post detailing the attack.

BlackBerry said its threat and research team detected and disrupted the attack before FIN7 was able to launch the ransomware portion of the attack.

In the past, FIN7 has targeted US retail, hospitality, and restaurant sectors, though it is now branching out to defense, insurance, and transportation sectors. BlackBerry researchers believe that the threat group is now likely targeting larger entities, with the assumption that they will pay a higher ransom.

BlackBerry did not disclose the name of the targeted automotive manufacturer.

About the Author

Dark Reading Staff

Dark Reading

Dark Reading is a leading cybersecurity media site.

Keep up with the latest cybersecurity threats, newly discovered vulnerabilities, data breach information, and emerging trends. Delivered daily or weekly right to your email inbox.

You May Also Like


More Insights