Skip to main content

The Billion-Dollar Hacking Group Behind a String of Big Breaches

posted onApril 5, 2018
by l33tdawg

This week, Saks Fifth Avenue, Saks Off 5th, and Lord & Taylor department stores—all owned by The Hudson’s Bay Company—acknowledged a data breach impacting more than five million credit and debit card numbers. The culprits? The same group that's spent the last few years pulling off data heists from Omni Hotels & Resorts, Trump Hotels, Jason’s Deli, Whole Foods, Chipotle: A mysterious group known as Fin7.

Data breaches dog consumers every day, whether they're ordering food from Panera, or tracking their nutrition with an Under Armour app. But if you've particularly had your credit card number stolen from a restaurant, hotel, or retail store in the past few years, you may have experienced FIN7 up close.

While lots of criminal hacking gangs are simply out to make money, researchers regard FIN7 as a particularly professional and disciplined organization. The group—which often appears to be Russian-speaking, but hasn't been tied to a home country—generally works on a normal business schedule, with nights and weekends off. It has developed its own malware tools and attack styles, and seems to have a well-funded research and testing division that helps it evade detection by antivirus scanners and authorities more broadly. In the Saks breach, FIN7 used "point of sale" malware—software secretly installed in the cash register transaction systems customers interact with—to lift the financial data, a signature move.

Source

Tags

Industry News

You May Also Like

Recent News

Tuesday, November 19th

Friday, November 8th

Friday, November 1st

Tuesday, July 9th

Wednesday, July 3rd

Friday, June 28th

Thursday, June 27th

Thursday, June 13th

Wednesday, June 12th

Tuesday, June 11th