Last year, the UNC1878 hacking group made headlines after it deliberately and aggressively attacked healthcare facilities with ransomware. Mandiant has upgraded UNC1878 from an "unclassified group" to the category of FIN hackers.
Mandiant has upgraded UNC1878 from an "unclassified group" to the category of FIN hackers (financially motivated groups) and assigned it the designation FIN12. FIN12 was responsible for nearly 20 percent of all ransomware attacks Mandiant responded to last year. The average time to ransom demand is around 2.5 days, which makes FIN12 about twice as fast as other ransomware groups. This underscores the legitimate and growing concern that hacking groups are not only expanding their teams, but also making their operations more efficient.
Some highlights from the report
- Unlike what is common for ransomware attacks these days, FIN12 focuses on fast, targeted attacks with a high potential yield. The victims have an average of more than $6 billion in annual sales.
- Almost 1 in 5 victims observed are in the healthcare sector and many of these companies operate healthcare facilities.
- Recently, FIN12 has also been targeting companies in Australia, Colombia, France, Indonesia, Ireland, the Philippines, South Korea, Spain, the United Arab Emirates and the United Kingdom.
- FIN12 appears to be diversifying its partnerships (beyond the hackers affiliated with TRICKBOT) and possibly using the tools and services of other groups of hackers to increase the scope and effectiveness of their attacks.
Commenting on the group’s recent activity, Kimberly Goody, Mandiant’s director of financial crime analysis, said: “FIN12 is one of the most aggressive ransomware hacking groups that Mandiant has tracked.
In contrast to other actors who are reorienting themselves towards other forms of blackmail, this group still focuses exclusively on ransomware, moves significantly faster than their competitors and has big goals. They are behind several attacks on the health system and are particularly focused on wealthy victims. Nothing is sacred to these actors - they target hospitals/healthcare facilities, utilities, critical infrastructure and more. This shows that they deliberately do not want to adhere to the norms.”
Mandiant summarized the latest findings on this rapidly expanding group of hackers in a downloadable report.