In the spotlight: “FIN6” has reportedly widened its range of attacks to include ransomware, potentially prompting the threat group to extend its targeting beyond retail and hospitality entities. This is the second significant shift in the group’s attack methods observed in the past 18 months; FIN6 is likely developing additional tactics that will be incorporated into its campaigns in the long term (beyond one year).
Weekly highlights included: a Chinese advanced persistent threat (APT) campaign against a German pharmaceutical company, likely to steal intellectual property; a mass phishing campaign that used US servers to host malware; and a Domain Name System (DNS) hijacking campaign aimed at online services and Brazilian financial institutions.