ATK88 (aka FIN6) is a cybercrime group active since at least 2015 that focuses mostly on the financial sector. The group is best known for attacking point-of-sale (POS) systems and stealing credit card data from them. Millions of cards have been stolen using this method in recent years and were subsequently found for sale on the dark web. In some cases, when the group is unable to steal this data, it moves on to target card-not-present (CNP) data. It usually uses POS-specific malware, and its victims are companies that process many transactions. Therefore, most of its activity is against victims in the US and Europe. Of note, since mid-2018 the group has been observed deploying ransomware on non-e-commerce networks.
The group may also be involved in attacks that deploy ransomware such as Ryuk, LockerGoga and MegaCortex, again in likely partnership with banking Trojan botnets, which could be a further attempt to move into new “markets” that do not depend on monetizing credit card data.