New Version of ShellTea Backdoor Used by FIN8 Hacking Group

Çağlar Arlı

Researchers have detected a new campaign against the hotel-entertainment industry employing the first documented use of the ShellTea/PunchBuggy backdoor since 2017. It is also thought to be the first observed attack delivered by the FIN8 group in 2019.

FIN8's obfuscation techniques were analyzed by FireEye in June 2017 together with the use of "their PUNCHTRACK POS-scraping malware." For example, wrote FireEye, "In early 2017, FIN8 began using environment variables paired with...