FireEye has identified a set of financially motivated intrusion
operations being carried out by a threat actor we have dubbed FIN10.
FIN10 is known for compromising networks, stealing sensitive data, and
directly engaging victim executives and board members in an attempt to
extort them into paying between 100 and 500 bitcoins (valued at
between $125,000 and $620,000 as of mid-April 2017).
For some victims that did not give into the demand, FIN10 escalated
their operation and destroyed critical production systems and leaked
stolen data to journalists in an attempt to increase visibility of the
compromise and coerce victims into paying up.
The first known FIN10 operation was in 2013 and their operations
have continued until at least 2016. To date, we are primarily aware of
Canadian victims – specifically casinos and mining organizations.
Given the release of sensitive victim data, extortion, and destruction
of systems, FireEye considers FIN10 to be one of the most disruptive
threat actors observed in the region so far.
Download our report,
of a Cyber Extortion Operation, to learn more about FIN10, including:
- The tactics, techniques and procedures used by FIN10 to
conduct their operations.
- The multiple monikers used by
FIN10 such as “Tesla Team”, “Angels of Truth”, and “Anonymous Threat
Agent” to throw false flags.
- Lessons learned when
responding to FIN10 breaches, including considerations for engaging
the threat actor and complying with extortion demands.
about FIN10 and how to combat the threat.