Chris Bing from CyberScoop notes:
"A sophisticated hacking group with suspected ties to cybercrime gangs operating in Eastern Europe is now actively targeting and breaching prominent brand-name restaurants in the U.S. More than 20 U.S.-based hospitality companies — the sector that includes hotels and restaurants — have been successfully hacked by FIN7 since the summer of 2016..." https://www.cyberscoop.com/chipotle-hack-fin7-carbanak-baja-fresh-ruby-tuesday/ [cyberscoop.com]
FIN7 is also linked to the Carbanak APT https://en.wikipedia.org/wiki/Carbanak [wikipedia.org] and was accused of a string of bank cyber-heists possibly totalling US $1 billion: https://threatpost.com/carbanak-ring-steals-1-billion-from-banks/111054/ [threatpost.com] https://securelist.com/blog/research/68732/the-great-bank-robbery-the-carbanak-apt/ [securelist.com]
This group has been described as "the first international cybermafia, a group of cybercriminals from Russia, Ukraine and other parts of Europe and China." and is suspected to have been involved with an SEC impersonation email campaign:
"In the phishing emails, FIN7 spoofed the sender email address as “EDGAR filings@sec.gov” in an email with an attachment reading disguised as a word doc entitled “Important_Changes_to_Form10_K.doc” " -http://www.readingeagle.com/business-weekly/article/scam-report-phishing-emails-target-executives-for-information.
Two other methods are also said to have been used in their attacks: fileless malware https://threatpost.com/hard-target-fileless-malware/125054/ [threatpost.com] and fake Windows compatibility patches http://www.pcworld.com/article/3194523/security/financial-cybercrime-group-abuses-windows-app-compatibility-feature.html [pcworld.com].