Chapter 14. FIN6 Emulation Plan

FIN6 is a financially motivated cybercrime group best known for stealing payment card data and selling it on underground marketplaces. It has aggressively targeted point-of-sale (POS) systems, primarily in the hospitality and retail sectors. Historically, FIN6's modus operandi was to compromise brick-and-mortar venues across the US and Europe and harvest card data from their POS terminals. As retail moved online, the group shifted part of its operations to ecommerce platforms, a tactical pivot that tracked the growth of online retail.

FIN6's tooling is robust and its intrusions are typically multistage. In one observed campaign, the group used TrickBot infections as its initial foothold and later deployed the Anchor backdoor on selected hosts, demonstrating both a selective targeting strategy and the ability to chain several stages of malware within a single operation.1

The group's evolution from POS malware to ransomware campaigns shows its adaptability and widens the threat it poses to both physical and online retail. Its operational sophistication and willingness to adopt new tactics mean that organizations in the targeted sectors need a high degree of vigilance and mature defensive measures.

As you progress into the hands-on ...
