Ravie Lakshmanan
Cybersecurity researchers have uncovered new infrastructure linked to the financially motivated threat actor FIN7.
Recent findings suggest that communication is inbound to FIN7 infrastructure from IP addresses assigned to Post Ltd (Russia) and SmartApe (Estonia), as detailed in a report by Team Cymru, Silent Push, and Stark Industries Solutions.
Further investigation by Silent Push reveals Stark Industries IP addresses solely dedicated to hosting FIN7 infrastructure.
The analysis also indicates that the hosts associated with this e-crime group are likely procured from Stark’s resellers, a common practice in the hosting industry.
Team Cymru has identified additional infrastructure connected to FIN7, with IP addresses assigned to Post Ltd in Russia and SmartApe in Estonia.
These clusters have been observed communicating with Stark-assigned hosts over the past month, highlighting the extent of their activities.

Connections have been suspended by Stark following responsible disclosure, shedding light on the structured communication observed between these entities.