The notorious FIN7 cybercrime gang, a financially motivated group, is spreading a backdoor called Lizar under the guise of being a Windows pen-testing tool for ethical hackers.

According to the BI.ZONE Cyber Threats Research Team, FIN7 is pretending to be a legitimate organization that hawks a security-analysis tool. They go to great lengths for verisimilitude, researchers said: “These groups hire employees who are not even aware that they are working with real malware or that their employer is a real criminal group.”

Since 2015, FIN7 has targeted point-of-sale systems at casual-dining restaurants, casinos and hotels. The group typically uses malware-laced phishing attacks against victims in hopes they will be able to infiltrate systems to steal bank-card data and sell it. Since 2020, it has also added ransomware/data exfiltration attacks to its mix, carefully selecting targets according to revenue using the ZoomInfo service, researchers noted.

Its choice of malware is always evolving, including occasionally using never-before-seen samples that surprise researchers. But its go-to toolkit has been the Carbanak remote-access trojan (RAT), which previous analysis shows is highly complex and sophisticated compared with its peers: It’s basically a Cadillac in a sea of golf carts. Carbanak is typically used for reconnaissance and establishing a foothold on networks.

Lately, though, BI.ZONE researchers have noticed the group using a new type of backdoor, called Lizar. The latest version has been in use since February, and it offers a powerful set of data retrieval and lateral movement capabilities, according to an analysis published on Thursday.

“Lizar is a diverse and complex toolkit,” according to the firm. “It is currently still under active development and testing, yet it is already being widely used to control infected computers, mostly throughout the United States.”

Victims so far have included a gambling establishment, several educational institutions and pharmaceutical companies in the U.S., along with an IT company headquartered in Germany and a financial institution in Panama.

The Lizar toolkit is structurally similar to Carbanak, researchers said.