Russian APT Group Thwarted in Attack on US Automotive Manufacturer

Researchers this week shared details of an attack campaign by the infamous FIN7 threat group that targeted a large US-based global automotive manufacturer.

FIN7, a Russian advanced persistent threat (APT) group, also known as Carbon Spider, ELBRUS, and Sangria Tempest, conducted a spear-phishing campaign in late 2023 that was spotted and ultimately halted by BlackBerry's threat and research team. The attackers identified IT employees with high admin-level rights and lured them in by impersonating an IP scanning tool with a malicious URL. Once the employees opened the link, the threat actor ran its Anunak backdoor, allowing them to "gain an initial foothold utilizing living off the land binaries, scripts, and libraries (lolbas)," BlackBerry researchers said in blog post detailing the attack.

BlackBerry said its threat and research team detected and disrupted the attack before FIN7 was able to launch the ransomware portion of the attack.

In the past, FIN7 has targeted US retail, hospitality, and restaurant sectors, though it is now branching out to defense, insurance, and transportation sectors. BlackBerry researchers believe that the threat group is now likely targeting larger entities, with the assumption that they will pay a higher ransom.

BlackBerry did not disclose the name of the targeted automotive manufacturer.