#Fin7

ICAO: 461F59
Owner: FINNAIR
Flt: FIN7 OH-LWR A359 HEL-MIA
Time: 2025-12-29 14:23:28 EST
Min Alt: 40000 ft
Min Dist: 2.02 nm (-65° WNW)
dev adsb planefence by kx1t -•sdr-e•airplanes•flightaware


ICAO: 461F5A
Owner: FINNAIR
Flt: FIN7 OH-LWS A359 HEL-MIA
Time: 2025-12-27 13:27:44 EST
Min Alt: 40000 ft
Min Dist: 4.6 nm (127° SE)
Squawk: 0750

dev adsb planefence by kx1t -•sdr-e•airplanes•flightaware

Preview
How to Use MCP to Optimize Your Graylog Security Detections Use Model Context Protocol (MCP) with Graylog to turn threat intelligence into prioritized, actionable security detections in seconds.

Is your #finserv institution as safe as it could be from #ransomware & other #cyberthreats? Groups like #FIN7, #LazarusGroup & #Carbanak often target #banks with attacks like SWIFT compromises. 🏦

But have no fear, #Graylog + Model Context Protocol are here to help! 🦸 💪

graylog.org/post/how-to-...

Preview
GrayAlpha Exposed: Deploys Malware via Infection Vectors
Experts from Insikt Group have found new infrastructure linked with GrayAlpha, a cybercrime gang overlapping with the financially motivated group called FIN7. Fin7 has been in the cybercrime game since 2013 and is known as one of the most infamous and technologically advanced gang-attacking organizations worldwide. “The group is organized like a professional business, with compartmentalized teams handling malware development, phishing operations, money laundering, and management,” reports Insikt Group.
The discovered infrastructure comprises domains used for distributing payload and extra IP addresses that are linked to GrayAlpha. Insikt Group found a custom PowerShell loader called PowerNet, which decompresses and launches NetSupport RAT. Insikt Group discovered another custom loader called MaskBat that shares similarities with FakeBat but is hidden and has strings linked to GrayAlpha.
The experts discovered three main primary infection techniques:
* Traffic distribution system (TDS) Tag-124
* Fake 7-Zip download site
* Fake browser update pages
All the infection vectors were used simultaneously, and a detailed analysis by the experts revealed the individual alleged to be a member of GrayAlpha operation.
Individuals and organizations are suggested to implement app allow-lists to stop the download of authentic-looking spoof files that contain malware. If allow-lists are not possible, detailed employee security training is a must, especially in detecting malvertising. Besides this, the use of tracking rules like YARA and Malware Intelligence Hunting queries given in this report is important for identifying both present and past compromises. Due to the continuous evolution nature of malware, these rules should be regularly and teamed with wider identification techniques, such as monitoring of network artifacts and use of Recorded Future Network Intelligence.
In the future, experts must keep an eye on the wider cybercriminal ecosystem to predict and address emerging threats in a better way. The constant advancement in the cybercrime industry raises the chance of attacks against organizations. Generally, APT operations are linked to state-sponsored entities, but GrayAlpha shows that threat actors can show the same level of persistence. Similar to the ransomware-as-service (RaaS) model, threat actors are getting more sophisticated day by day, raising the need for adaptive and comprehensive security measures.

GrayAlpha Exposed: Deploys Malware via Infection Vectors #Browser #FIN7 #GrayAlpha

Preview
Locating hidden brand impersonation infrastructure using Silent Push Web Scanner Challenge: Gathering actionable web content and DNS data at scale  Our customer – a large U.S. retail organization – was facing difficulties scanning and analysing vast amounts of public web content a...

Locating hidden brand impersonation infrastructure using Silent Push Web Scanner 🔎 Read: www.silentpush.com/blog/locatin...

#cybersecurity #threatintel #CTI #brandprotection #FIN7

Preview
Ragnar Loader: A Persistent Threat in Ransomware Operations Ragnar Loader, a sophisticated malware toolkit, is primarily associated with ransomware groups such as FIN7, FIN8, and Ragnar Locker. It has evolved significantly since its emergence in 2020, integrat...

🔥 #Ragnar Loader’s stealthier than your boss assigning weekend tasks. Stay sharp & outsmart it! 💻😈

blog.alphahunt.io/ragnar-loade...

#AlphaHunt #AskYourTIP #CTI #Fin7 #Fin8

Preview
FIN7 FIN8 and Others Use Ragnar Loader for Persistent Access and Ransomware Operations difficult to detect and more modular

FIN7, FIN8, and Others Use Ragnar Loader for Persistent Access and Ransomware Operations reconbee.com/fin7-fin8-an...

#FIN7 #FIN8 #ransomware #ransomwareattack #CyberSecurity #cybersecurityawareness #cyberattack #ragnarloader

Preview
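Cyberattack That Lures Victims with a Deepnude AI Image Generator into Downloading a RAT The cyberattack group "FIN7" claims to be able to generate nude images of celebrities and gets victims to download a remote-access malware called "NetSupport RAT". This new attack by FIN7 exploits the victim's desire to "see deepfake nude images".

Cyberattack That Lures Victims with a Deepnude AI Image Generator into Downloading a RAT #KnowBe4 (Dec 23)

#Deepfake #Malvertising #FIN7 #SecurityEducation #Credentials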

Preview
Researchers Uncover New Infrastructure Tied to FIN7 Cybercrime Group Cybersecurity experts uncover new FIN7 infrastructure in Russia and Estonia, revealing the threat actor's evolving network strategy and global reach.

Cybersecurity experts uncover new #FIN7 infrastructure in Russia and Estonia, revealing the threat actor's evolving network strategy and global reach.
thehackernews.com/2024/08/rese...
#cybersecurity #hacking #malware

Preview
FIN7 Cybercrime Gang Evolves with Ransomware and Hacking Tools

The Russian #FIN7 cybercrime gang has resurfaced with new identities and hacking tools. This group previously established two #cybersecurity firms to deceive security researchers.
#CyberCrime #Russia #Ransomware #CyberAttack
hackread.com/fin7-cybercr...

Preview
FIN7 group advertises new EDR bypass tool on hacking forums The cybercrime group FIN7 is advertising a security evasion tool in multiple underground forums, cybersecurity company SentinelOne warns.

Cybercrime group FIN7 advertises new EDR bypass tool on hacking forums
securityaffairs.com/165863/cyber...
#Infosec #Security #Cybersecurity #CeptBiro #CybercrimeGroup #FIN7 #EDRbypassTool #HackingForums

Preview
FIN7 Hackers Employ New Tools to Bypass EDR & Conduct Automated Attacks FIN7 has once again made headlines with the development of new tools designed to bypass Endpoint Detection and Response (EDR) solutions and conduct automated attacks.

FIN7 Hackers Employ New Tools to Bypass EDR & Conduct Automated Attacks
cybersecuritynews.com/fin7-bypass-...
#Infosec #Security #Cybersecurity #CeptBiro #FIN7 #NewTools #BypassEDR #ConductAutomatedAttacks

Preview
FIN7 Uses Trusted Brands and Sponsored Google Ads to Distribute MSIX… Learn more about FIN7 using trusted brands and sponsored Google Ads to distribute MSIX payloads and get security recommendations from our Threat Response…

FIN7 Uses Trusted Brands and Sponsored Google Ads to Distribute MSIX Payloads
www.esentire.com/blog/fin7-us...
#Infosec #Security #Cybersecurity #CeptBiro #FIN7 #GoogleAds #MSIXPayloads

Preview
FIN7 Cybercrime Group Targeting U.S. Auto Industry with Carbanak Backdoor FIN7, a notorious cybercrime group, is targeting the U.S. automotive industry with spear-phishing attacks.


🛑 Beware: Cybercrime group #FIN7 targets U.S. automotive industry with phishing scams to deploy Carbanak #malware.
thehackernews.com/2024/04/fin7...
#hacking #cybersecurity


Update on #Carbanak and #FIN7 @MITREattack Evaluations. Expect the #adversaryemulation plan in 2021. 30 vendors going through eval and an update on #ICS evals. Looking forward to the great work from this awesome team! @FrankDuff @jamieantisocial etc....
