Date: 2016-01-01

Chris Bing from CyberScoop notes:

"A sophisticated hacking group with suspected ties to cybercrime gangs operating in Eastern Europe is now actively targeting and breaching prominent brand-name restaurants in the U.S. More than 20 U.S.-based hospitality companies — the sector that includes hotels and restaurants — have been successfully hacked by FIN7 since the summer of 2016..." https://www.cyberscoop.com/chipotle-hack-fin7-carbanak-baja-fresh-ruby-tuesday/ (Javascript required.)

FIN7 is also linked to the Carbanak APT https://en.wikipedia.org/wiki/Carbanak and was accused of a string of bank cyber-heists possibly totalling US $1 billion: https://threatpost.com/carbanak-ring-steals-1-billion-from-banks/111054/ https://securelist.com/blog/research/68732/the-great-bank-robbery-the-carbanak-apt/

This group has been described as "the first international cybermafia, a group of cybercriminals from Russia, Ukraine and other parts of Europe and China" and is suspected to have been involved in an SEC impersonation email campaign:

"In the phishing emails, FIN7 spoofed the sender email address as "EDGAR filings@sec.gov" in an email with an attachment reading disguised as a word doc entitled "Important_Changes_to_Form10_K.doc" " -http://www.readingeagle.com/business-weekly/article/scam-report-phishing-emails-target-executives-for-information.

Two other methods are also said to have been used in their attacks: fileless malware https://threatpost.com/hard-target-fileless-malware/125054/ and fake Windows compatibility patches http://www.pcworld.com/article/3194523/security/financial-cybercrime-group-abuses-windows-app-compatibility-feature.html.