CINXE.COM
FIN7.5: the infamous cybercrime rig “FIN7” continues its activities | Securelist
<!DOCTYPE html> <html lang="en-US"> <head> <meta charset="UTF-8" /> <meta http-equiv="Content-Type" content="text/html;charset=utf-8" /> <meta name="viewport" content="width=device-width, initial-scale=1.0" /> <meta http-equiv="X-UA-Compatible" content="IE=Edge"> <script type="text/javascript"> /* <![CDATA[ */ var gform;gform||(document.addEventListener("gform_main_scripts_loaded",function(){gform.scriptsLoaded=!0}),window.addEventListener("DOMContentLoaded",function(){gform.domLoaded=!0}),gform={domLoaded:!1,scriptsLoaded:!1,initializeOnLoaded:function(o){gform.domLoaded&&gform.scriptsLoaded?o():!gform.domLoaded&&gform.scriptsLoaded?window.addEventListener("DOMContentLoaded",o):document.addEventListener("gform_main_scripts_loaded",o)},hooks:{action:{},filter:{}},addAction:function(o,n,r,t){gform.addHook("action",o,n,r,t)},addFilter:function(o,n,r,t){gform.addHook("filter",o,n,r,t)},doAction:function(o){gform.doHook("action",o,arguments)},applyFilters:function(o){return gform.doHook("filter",o,arguments)},removeAction:function(o,n){gform.removeHook("action",o,n)},removeFilter:function(o,n,r){gform.removeHook("filter",o,n,r)},addHook:function(o,n,r,t,i){null==gform.hooks[o][n]&&(gform.hooks[o][n]=[]);var e=gform.hooks[o][n];null==i&&(i=n+"_"+e.length),gform.hooks[o][n].push({tag:i,callable:r,priority:t=null==t?10:t})},doHook:function(n,o,r){var t;if(r=Array.prototype.slice.call(r,1),null!=gform.hooks[n][o]&&((o=gform.hooks[n][o]).sort(function(o,n){return o.priority-n.priority}),o.forEach(function(o){"function"!=typeof(t=o.callable)&&(t=window[t]),"action"==n?t.apply(null,r):r[0]=t.apply(null,r)})),"filter"==n)return r[0]},removeHook:function(o,n,t,i){var r;null!=gform.hooks[o][n]&&(r=(r=gform.hooks[o][n]).filter(function(o,n,r){return!!(null!=i&&i!=o.tag||null!=t&&t!=o.priority)}),gform.hooks[o][n]=r)}}); /* ]]> */ </script> <link rel="profile" href="http://gmpg.org/xfn/11" /> <link rel="pingback" href="https://securelist.com/xmlrpc.php" /> <link rel="apple-touch-icon" sizes="192x192" href="https://securelist.com/wp-content/themes/securelist2020/assets/images/favicons/favicon-192x192.png"> <link rel="icon" type="image/png" sizes="192x192" href="https://securelist.com/wp-content/themes/securelist2020/assets/images/favicons/favicon-192x192.png"> <link rel="icon" type="image/png" sizes="96x96" href="https://securelist.com/wp-content/themes/securelist2020/assets/images/favicons/favicon-96x96.png"> <link rel="icon" type="image/png" sizes="48x48" href="https://securelist.com/wp-content/themes/securelist2020/assets/images/favicons/favicon-48x48.png"> <link rel="icon" type="image/png" sizes="32x32" href="https://securelist.com/wp-content/themes/securelist2020/assets/images/favicons/favicon-32x32.png"> <link rel="icon" type="image/png" sizes="16x16" href="https://securelist.com/wp-content/themes/securelist2020/assets/images/favicons/favicon-16x16.png"> <link rel="manifest" href="https://securelist.com/wp-content/themes/securelist2020/assets/images/favicons/site.webmanifest"> <title>FIN7.5: the infamous cybercrime rig “FIN7” continues its activities | Securelist</title> <style>img:is([sizes="auto" i], [sizes^="auto," i]) { contain-intrinsic-size: 3000px 1500px }</style> <!-- The SEO Framework by Sybre Waaijer --> <meta name="keywords" content="APT,Financial malware,Malware Descriptions,PowerShell,Social Engineering,Spear Phishing" /> <link rel="canonical" href="https://securelist.com/fin7-5-the-infamous-cybercrime-rig-fin7-continues-its-activities/90703/" /> <meta name="description" content="In 2018-2019, researchers of Kaspersky Lab’s Global Research and Analysis Team analyzed various campaigns that used the same TTPs as the historic FIN7, leading the researchers to believe that this threat actor had remained active despite the 2018 arrests." /> <meta property="og:type" content="article" /> <meta property="og:title" content="FIN7.5: the infamous cybercrime rig “FIN7” continues its activities" /> <meta property="og:description" content="In 2018-2019, researchers of GReAT analyzed various campaigns that used the same TTPs as the historic FIN7, leading the researchers to believe that this threat actor had remained active despite the 2018 arrests." /> <meta property="og:url" content="https://securelist.com/fin7-5-the-infamous-cybercrime-rig-fin7-continues-its-activities/90703/" /> <meta property="og:image" content="https://media.kasperskycontenthub.com/wp-content/uploads/sites/43/2019/05/08094429/fintech_abstract.jpg" /> <meta name="twitter:card" content="summary_large_image" /> <meta name="twitter:site" content="@Securelist" /> <meta name="twitter:creator" content="@Securelist" /> <meta name="twitter:title" content="FIN7.5: the infamous cybercrime rig “FIN7” continues its activities" /> <meta name="twitter:description" content="In 2018-2019, researchers of GReAT analyzed various campaigns that used the same TTPs as the historic FIN7, leading the researchers to believe that this threat actor had remained active despite the 2018 arrests." /> <meta name="twitter:image" content="https://media.kasperskycontenthub.com/wp-content/uploads/sites/43/2019/05/08094429/fintech_abstract.jpg" /> <script type="application/ld+json">{"@context":"https://schema.org","@type":"NewsArticle","mainEntityOfPage":{"@type":"WebPage","@id":"https://securelist.com/fin7-5-the-infamous-cybercrime-rig-fin7-continues-its-activities/90703/"},"headline":"FIN7.5: the infamous cybercrime rig “FIN7” continues its activities","image":"https://media.kasperskycontenthub.com/wp-content/uploads/sites/43/2019/05/08094429/fintech_abstract.jpg","datePublished":"2019-05-08T10:00:04+00:00","dateModified":"2020-09-18T16:04:05+00:00","author":{"@type":"Person","name":"Yury Namestnikov","url":"https://securelist.com/author/yurynamestnikov/"},"publisher":{"@type":"Organization","name":"Kaspersky","logo":{"@type":"ImageObject","url":"https://media.kasperskycontenthub.com/wp-content/uploads/sites/43/2019/06/04065705/article-logo-small_new.png","width":60,"height":60}},"description":"In 2018-2019, researchers of Kaspersky Lab’s Global Research and Analysis Team analyzed various campaigns that used the same TTPs as the historic FIN7, leading the researchers to believe that this threat actor had remained active despite the 2018 arrests."}</script> <!-- / The SEO Framework by Sybre Waaijer | 77.26ms meta | 0.14ms boot --> <link rel='dns-prefetch' href='//kasperskycontenthub.com' /> <link rel='dns-prefetch' href='//securelist.com' /> <link rel='dns-prefetch' href='//www.google.com' /> <link rel="alternate" type="application/rss+xml" title="Securelist - English - Global - securelist.com » Feed" href="https://securelist.com/feed/" /> <link rel="alternate" type="application/rss+xml" title="Securelist - English - Global - securelist.com » Comments Feed" href="https://securelist.com/comments/feed/" /> <link rel="alternate" type="application/rss+xml" title="Securelist - English - Global - securelist.com » FIN7.5: the infamous cybercrime rig “FIN7” continues its activities Comments Feed" href="https://securelist.com/fin7-5-the-infamous-cybercrime-rig-fin7-continues-its-activities/90703/feed/" /> <link rel='stylesheet' id='crayon-group-css' href='//assets.kasperskycontenthub.com/wp-content/plugins/bwp-minify/min/?f=wp-content/plugins/crayon-syntax-highlighter/css/min/crayon.min.css,wp-content/plugins/crayon-syntax-highlighter/themes/classic/classic.css,wp-content/plugins/crayon-syntax-highlighter/fonts/monaco.css,wp-includes/css/dist/block-library/style.min.css,wp-content/plugins/jquery-collapse-o-matic/css/core_style.css,wp-content/plugins/jquery-collapse-o-matic/css/light_style.css,wp-content/plugins/kspr_twitter_pullquote/css/style.css,wp-content/themes/securelist2020/assets/css/main.css,wp-content/plugins/kaspersky-social-sharing/assets/css/style.css,wp-content/plugins/kaspersky-social-sharing/assets/css/custom.css' type='text/css' media='all' /> <link rel='stylesheet' id='taxonomy-image-plugin-public-group-css' href='//assets.kasperskycontenthub.com/wp-content/plugins/bwp-minify/min/?f=wp-content/plugins/taxonomy-images/css/style.css' type='text/css' media='screen' /> <script type="text/javascript" src="https://securelist.com/wp-content/plugins/kaspersky-enable-jquery-migrate-helper/js/jquery/jquery-1.12.4-wp.js?ver=1.12.4-wp" id="jquery-core-js"></script> <script type="text/javascript" id="kaspersky-sso-integration-js-extra"> /* <![CDATA[ */ var kasperskySSOIntegrationData = {"authorizationURL":"https:\/\/auth.ca.uis.kaspersky.com\/connect\/authorize?client_id=securelist&client_name=Securelist&redirect_uri=https%3A%2F%2Fsecurelist.com%2Fkaspersky-sso%2Flogin%2F&response_type=code&scope=openid email profile offline_access","endSessionURL":"https:\/\/auth.ca.uis.kaspersky.com\/connect\/endsession?id_token_hint=eyJhbGciOiJSUzI1NiIsImtpZCI6IkNCNzFGQTExMjc4MzgyMzQ3OTAxNzlENkJGMkVBNkFCRkZGOEQ5OUYiLCJ4NXQiOiJ5M0g2RVNlRGdqUjVBWG5Xdnk2bXFfXzQyWjgiLCJ0eXAiOiJKV1QifQ.eyJhdF9oYXNoIjoiRHM1QjM1LWppNGhIV0M5X0RzMXhXZyIsInNpZCI6IkdCRzdmU2FqMmVQeVBIRnZUV3JoUUEiLCJzdWIiOiI0MzRiNjMxZi05NTU2LTRhMTUtYjk5OS0yYTQxYThlZjJmYzMiLCJhdXRoX3RpbWUiOiIxNzM5NzcyMDMzIiwiaWRwIjoiS2FzcGVyc2t5SWQiLCJrYXNwZXJza3kuc3ViX3ZlcnNpb24iOiIxIiwia2FzcGVyc2t5LnN1c3BpY2lvdXNfYXV0aGVudGljYXRpb24iOiJ0cnVlIiwibmJmIjoxNzM5NzcyMDM4LCJleHAiOjE3Mzk4NTg0MzgsImlhdCI6MTczOTc3MjAzOCwiaXNzIjoiaHR0cHM6Ly9hdXRoLmNhLnVpcy5rYXNwZXJza3kuY29tIiwiYXVkIjoic2VjdXJlbGlzdCJ9.MoGupMHBmoByXheRiABobA4kLTdk8F1c365JGWSisHPFNT_kPZhmh6ggVSifsbSwVDnRLTl5q7zfcI7E7K3WoIj1t8ZAdVrT5JJg_fOgyz_WrJDmzjim6VS2PDVle8BdyqikRBOgQrTx42dWUII_0wO8MMb1nm84cRyjfBrQFHCXJ2zB29Jba90HoFchCXrgOwMFFSMX7JYKjQZTBMj5Xxpr5N9I-nVvFAAz1Aaeq8gKsiNSGds1YQZqmhdcAswoqrdjePpiiiVe7RfUo4NmsshiGAxQrW4oe3p8zUwk0Mlsyiv-K3wRyCfHAno0XmZycB7gyzu12J1qOs2MnmGBRg&post_logout_redirect_uri=https:\/\/securelist.com\/kaspersky-sso\/logout\/"}; /* ]]> */ </script> <script type="text/javascript" id="kss_js-js-extra"> /* <![CDATA[ */ var kss = {"twitter_account":"Securelist"}; /* ]]> */ </script> <script type='text/javascript' src='//assets.kasperskycontenthub.com/wp-content/plugins/bwp-minify/min/?f=wp-content/plugins/kaspersky-lazy-load/assets/js/lazyload.js,wp-content/plugins/kaspersky-sso-integration/assets/js/main.js,wp-content/plugins/kspr_twitter_pullquote/js/kaspersky-twitter-pullquote.js,wp-content/plugins/kaspersky-social-sharing/assets/js/social-share.js'></script> <link rel="alternate" hreflang="x-default" href="https://securelist.com/fin7-5-the-infamous-cybercrime-rig-fin7-continues-its-activities/90703/" /> <script> window.dataLayer = window.dataLayer || []; window.dataLayer.push({ 'Author' : 'Yury Namestnikov', 'PostId' : '90703', 'PublicationDate' : '2019-05-08', 'Categories': 'APT reports', 'Tags': 'APT, Financial malware, Malware Descriptions, PowerShell, Social engineering, Spear phishing', }); </script> <!-- Google Tag Manager --> <script>(function(w,d,s,l,i){w[l]=w[l]||[];w[l].push({'gtm.start': new Date().getTime(),event:'gtm.js'});var f=d.getElementsByTagName(s)[0], j=d.createElement(s),dl=l!='dataLayer'?'&l='+l:'';j.async=true;j.src= 'https://www.googletagmanager.com/gtm.js?id='+i+dl;f.parentNode.insertBefore(j,f); })(window,document,'script','dataLayer','GTM-5CGZ3HG');</script> <!-- End Google Tag Manager --> <!-- Google Tag Manager --> <script>(function(w,d,s,l,i){w[l]=w[l]||[];w[l].push({'gtm.start': new Date().getTime(),event:'gtm.js'});var f=d.getElementsByTagName(s)[0], j=d.createElement(s),dl=l!='dataLayer'?'&l='+l:'';j.async=true;j.src= 'https://www.googletagmanager.com/gtm.js?id='+i+dl;f.parentNode.insertBefore(j,f); })(window,document,'script','dataLayer','GTM-WZ7LJ3');</script> <!-- End Google Tag Manager --> <link rel="https://api.w.org/" href="https://securelist.com/wp-json/" /><link rel="alternate" title="JSON" type="application/json" href="https://securelist.com/wp-json/wp/v2/posts/90703" /><link rel="EditURI" type="application/rsd+xml" title="RSD" href="https://securelist.com/xmlrpc.php?rsd" /> <link rel="alternate" title="oEmbed (JSON)" type="application/json+oembed" href="https://securelist.com/wp-json/oembed/1.0/embed?url=https%3A%2F%2Fsecurelist.com%2Ffin7-5-the-infamous-cybercrime-rig-fin7-continues-its-activities%2F90703%2F" /> <link rel="alternate" title="oEmbed (XML)" type="text/xml+oembed" href="https://securelist.com/wp-json/oembed/1.0/embed?url=https%3A%2F%2Fsecurelist.com%2Ffin7-5-the-infamous-cybercrime-rig-fin7-continues-its-activities%2F90703%2F&format=xml" /> <script type="text/javascript"> var sNew = document.createElement("script"); sNew.async = true; sNew.src = "https://kasperskycontenthub.com/?dm=ed1f9e435dc885292eab65620c51f3fb&action=load&blogid=43&siteid=1&t=1092295506&back=https%3A%2F%2Fsecurelist.com%2Ffin7-5-the-infamous-cybercrime-rig-fin7-continues-its-activities%2F90703%2F" var s0 = document.getElementsByTagName('script')[0]; s0.parentNode.insertBefore(sNew, s0); </script> <script type="text/javascript"> document.write(unescape("%3Cscript src='//munchkin.marketo.net/munchkin.js' type='text/javascript'%3E%3C/script%3E")); </script> <script>Munchkin.init('802-IJN-240');</script> <meta name="google-site-verification" content="o48MojucKcP-DT5iCMR8AsvkVWP14fE78flHCqqjo50" /> <script type="text/javascript"> var jQueryMigrateHelperHasSentDowngrade = false; window.onerror = function( msg, url, line, col, error ) { // Break out early, do not processing if a downgrade reqeust was already sent. if ( jQueryMigrateHelperHasSentDowngrade ) { return true; } var xhr = new XMLHttpRequest(); var nonce = 'c380f08d63'; var jQueryFunctions = [ 'andSelf', 'browser', 'live', 'boxModel', 'support.boxModel', 'size', 'swap', 'clean', 'sub', ]; var match_pattern = /\)\.(.+?) is not a function/; var erroredFunction = msg.match( match_pattern ); // If there was no matching functions, do not try to downgrade. if ( typeof erroredFunction !== 'object' || typeof erroredFunction[1] === "undefined" || -1 === jQueryFunctions.indexOf( erroredFunction[1] ) ) { return true; } // Set that we've now attempted a downgrade request. jQueryMigrateHelperHasSentDowngrade = true; xhr.open( 'POST', 'https://securelist.com/wp-admin/admin-ajax.php' ); xhr.setRequestHeader( 'Content-Type', 'application/x-www-form-urlencoded' ); xhr.onload = function () { var response, reload = false; if ( 200 === xhr.status ) { try { response = JSON.parse( xhr.response ); reload = response.data.reload; } catch ( e ) { reload = false; } } // Automatically reload the page if a deprecation caused an automatic downgrade, ensure visitors get the best possible experience. if ( reload ) { location.reload(); } }; xhr.send( encodeURI( 'action=jquery-migrate-downgrade-version&_wpnonce=' + nonce ) ); // Suppress error alerts in older browsers return true; } </script> <div id="fb-root"></div> <script> (function(d, s, id) { var js, fjs = d.getElementsByTagName(s)[0]; if (d.getElementById(id)) return; js = d.createElement(s); js.id = id; js.src = "//connect.facebook.net/en_US/all.js#xfbml=1&appId=160639043985664"; fjs.parentNode.insertBefore(js, fjs); }(document, 'script', 'facebook-jssdk')); </script> <script> (function() { var po = document.createElement('script'); po.type = 'text/javascript'; po.async = true; po.src = '//apis.google.com/js/platform.js'; var s = document.getElementsByTagName('script')[0]; s.parentNode.insertBefore(po, s); })(); </script> <link rel="icon" href="https://media.kasperskycontenthub.com/wp-content/uploads/sites/43/2018/11/06125514/cropped-sl_favicon-32x32.png" sizes="32x32" /> <link rel="icon" href="https://media.kasperskycontenthub.com/wp-content/uploads/sites/43/2018/11/06125514/cropped-sl_favicon-192x192.png" sizes="192x192" /> <link rel="apple-touch-icon" href="https://media.kasperskycontenthub.com/wp-content/uploads/sites/43/2018/11/06125514/cropped-sl_favicon-180x180.png" /> <meta name="msapplication-TileImage" content="https://media.kasperskycontenthub.com/wp-content/uploads/sites/43/2018/11/06125514/cropped-sl_favicon-270x270.png" /> </head> <body class="post-template-default single single-post postid-90703 single-format-standard lang-en_US c-theme--light"> <!-- Google Tag Manager (noscript) --> <noscript><iframe src="https://www.googletagmanager.com/ns.html?id=GTM-5CGZ3HG" height="0" width="0" style="display:none;visibility:hidden"></iframe></noscript> <!-- End Google Tag Manager (noscript) --> <!-- Google Tag Manager (noscript) --> <noscript><iframe src="https://www.googletagmanager.com/ns.html?id=GTM-WZ7LJ3" height="0" width="0" style="display:none;visibility:hidden"></iframe></noscript> <!-- End Google Tag Manager (noscript) --> <div id="site-top" class="site-top"> <div class="container"> <nav class="site-nav" data-element-id="product-menu"> <div class="label"> <p>Solutions for:</p> </div> <ul id="menu-product-menu-daily-nxgen" class="site-selector"><li><a target="_blank" href="https://www.kaspersky.com/home-security?icid=gl_seclistheader_acq_ona_smm__onl_b2b_securelist_prodmen_sm-team_______d5c53f9a5bd411f7" data-element-id="product-menu-link" class="font-icons icon-home menu-item menu-item-type-custom menu-item-object-custom menu-item-87907">Home Products</a></li> <li><a title="font-icons icon-small-business" target="_blank" href="https://www.kaspersky.com/small-business-security?icid=gl_seclistheader_acq_ona_smm__onl_b2b_securelist_prodmen_sm-team_______d5c53f9a5bd411f7" data-element-id="product-menu-link" class="font-icons icon-small-business menu-item menu-item-type-custom menu-item-object-custom menu-item-87908">Small Business 1-50 employees</a></li> <li><a target="_blank" href="https://www.kaspersky.com/small-to-medium-business-security?icid=gl_seclistheader_acq_ona_smm__onl_b2b_securelist_prodmen_sm-team_______d5c53f9a5bd411f7" data-element-id="product-menu-link" class="font-icons icon-medium-business menu-item menu-item-type-custom menu-item-object-custom menu-item-87909">Medium Business 51-999 employees</a></li> <li><a target="_blank" href="https://www.kaspersky.com/enterprise-security?icid=gl_seclistheader_acq_ona_smm__onl_b2b_securelist_prodmen_sm-team_______d5c53f9a5bd411f7" data-element-id="product-menu-link" class="font-icons icon-enterprise menu-item menu-item-type-custom menu-item-object-custom menu-item-87910">Enterprise 1000+ employees</a></li> </ul> </nav> </div> </div> <header id="site-header" class="site-header js-sticky-mobile-header"> <div class="container"> <a href="" class="c-page-nav-toggle js-mobile-menu-toggle"> <span class="c-page-nav-toggle__icon"> <span></span> <span></span> <span></span> </span> </a> <a href="" class="menu-toggle"> <span></span> <span></span> <span></span> </a> <div class="c-site-title"> <div class="c-site-logo__group"> <a data-element-id="securelist-logo" href="https://securelist.com/" class="c-site-logo c-site-logo--basic"></a> <span class="c-site-tagline">by Kaspersky</span> </div> </div> <ul id="menu-my-kaspersky" class="menu-utility sticky-utility"><li class="menu-item menu-item-type-custom menu-item-object-custom menu-item-87905"><a href="https://companyaccount.kaspersky.com/account/login?icid=gl_seclistheader_acq_ona_smm__onl_b2b_securelist_main-menu_sm-team_______001391deb99c290f" data-element-id="companyaccount">CompanyAccount</a> <li class="sticky-item sticky-xl-only menu-item menu-item-type-custom menu-item-object-custom menu-item-87906"><a href="https://www.kaspersky.com/enterprise-security/contact?icid=gl_seclistheader_acq_ona_smm__onl_b2b_securelist_main-menu_sm-team_______001391deb99c290f" data-element-id="getintouch">Get In Touch</a> <li class="securelist-theme-switcher menu-item menu-item-type-custom menu-item-object-custom menu-item-99824"><a data-element-id="dark-mode" href="#" class="js-theme-switcher"><i class="font-icons icon-moon"></i>Dark mode<span class="u-hidden u-inline--dark"> off</span></a> <li class="dropdown"><a data-element-id="lang-selector" href="#" class="">English</a><ul class="sub-menu-regular"><li><a href="https://securelist.ru">Russian</a></li><li><a href="https://securelist.lat">Spanish</a></li></ul> </ul> <div class="c-page-search js-main-search"> <form class="c-page-search__form c-page-search__form--small js-wizardinfosys_autosearch_form" full_search_url="https://securelist.com/?s=%q%" action="https://securelist.com/" method="get"> <div class="c-form-element c-form-element--style-fill"> <div class="c-form-element__field wp_autosearch_form_wrapper"> <input name="s" class="c-form-element__text wp_autosearch_input ac_input" data-webinars="" type="text" value="" placeholder="Search..." autocomplete="off"> </div> </div> <button class="c-button c-button--icon wp_autosearch_submit"><svg class="o-icon o-svg-icon o-svg-large"><use xmlns:xlink="http://www.w3.org/1999/xlink" xlink:href="https://securelist.com/wp-content/themes/securelist2020/assets/sprite/icons.svg#icon-search"></use></svg></button> </form> <div class="c-page-search__toggle js-main-search-toggle"><svg class="o-icon o-svg-icon o-svg-larger"><use xmlns:xlink="http://www.w3.org/1999/xlink" xlink:href="https://securelist.com/wp-content/themes/securelist2020/assets/sprite/icons.svg#icon-search"></use></svg></div> </div> <nav class="main-nav" data-element-id="nextgen-menu"> <ul id="menu-corp-menu" class="main-menu"><li class="dropdown mega menu-item menu-item-type-custom menu-item-object-custom menu-item-has-children menu-item-87706"><a href="https://www.kaspersky.com/enterprise-security?icid=gl_seclistheader_acq_ona_smm__onl_b2b_securelist_main-menu_sm-team_______001391deb99c290f" data-element-id="nextgen-menu-link">Solutions</a> <ul class="submenu"> <li class="first featured featured-smaller menu-item menu-item-type-custom menu-item-object-custom menu-item-has-children menu-item-87707"> <ul class="featured section-col-l-3 no-gutter"> <li class="show-figure smaller-item icon-iot-embed-security menu-item menu-item-type-custom menu-item-object-custom menu-item-87710"><figure><a href="https://www.kaspersky.com/enterprise-security/embedded-security-internet-of-things?icid=gl_seclistheader_acq_ona_smm__onl_b2b_securelist_main-menu_sm-team_______001391deb99c290f" data-element-id="nextgen-menu-link"><img src="https://securelist.com/wp-content/themes/securelist2020/assets/images/enterprise-menu-icons/iot-embed-security.png"</a></figure><a href="https://www.kaspersky.com/enterprise-security/embedded-security-internet-of-things?icid=gl_seclistheader_acq_ona_smm__onl_b2b_securelist_main-menu_sm-team_______001391deb99c290f" data-element-id="nextgen-menu-link">Internet of Things & Embedded Security</a><div class="desc"><p><a href="https://www.kaspersky.com/enterprise-security/embedded-security-internet-of-things?icid=gl_seclistheader_acq_ona_smm__onl_b2b_securelist_main-menu_sm-team_______001391deb99c290f">Learn More</a></p></div> <li class="show-figure smaller-item icon-transportation-cybersecurity menu-item menu-item-type-custom menu-item-object-custom menu-item-87712"><figure><a href="https://www.kaspersky.com/enterprise-security/industrial-solution?icid=gl_seclistheader_acq_ona_smm__onl_b2b_securelist_main-menu_sm-team_______001391deb99c290f" data-element-id="nextgen-menu-link"><img src="https://securelist.com/wp-content/themes/securelist2020/assets/images/enterprise-menu-icons/transportation-cybersecurity.png"</a></figure><a href="https://www.kaspersky.com/enterprise-security/industrial-solution?icid=gl_seclistheader_acq_ona_smm__onl_b2b_securelist_main-menu_sm-team_______001391deb99c290f" data-element-id="nextgen-menu-link">Industrial Cybersecurity</a><div class="desc"><p><a href="https://www.kaspersky.com/enterprise-security/industrial-solution?icid=gl_seclistheader_acq_ona_smm__onl_b2b_securelist_main-menu_sm-team_______001391deb99c290f">Learn More</a></p></div> <li class="show-figure smaller-item icon-fraud-prevention menu-item menu-item-type-custom menu-item-object-custom menu-item-87713"><figure><a href="https://www.kaspersky.com/enterprise-security/fraud-prevention?icid=gl_seclistheader_acq_ona_smm__onl_b2b_securelist_main-menu_sm-team_______001391deb99c290f" data-element-id="nextgen-menu-link"><img src="https://securelist.com/wp-content/themes/securelist2020/assets/images/enterprise-menu-icons/fraud-prevention.png"</a></figure><a href="https://www.kaspersky.com/enterprise-security/fraud-prevention?icid=gl_seclistheader_acq_ona_smm__onl_b2b_securelist_main-menu_sm-team_______001391deb99c290f" data-element-id="nextgen-menu-link">Fraud Prevention</a><div class="desc"><p><a href="https://www.kaspersky.com/enterprise-security/fraud-prevention?icid=gl_seclistheader_acq_ona_smm__onl_b2b_securelist_main-menu_sm-team_______001391deb99c290f">Learn More</a></p></div> <li class="show-figure smaller-item menu-item menu-item-type-custom menu-item-object-custom menu-item-87711"><a href="https://www.kaspersky.com/enterprise-security/kasperskyos?icid=gl_seclistheader_acq_ona_smm__onl_b2b_securelist_main-menu_sm-team_______001391deb99c290f" data-element-id="nextgen-menu-link">KasperskyOS-based solutions</a><div class="desc"><p><a href="https://www.kaspersky.com/enterprise-security/kasperskyos?icid=gl_seclistheader_acq_ona_smm__onl_b2b_securelist_main-menu_sm-team_______001391deb99c290f">Learn More</a></p></div> </ul> <li> <ul class="regular"> <li class="title"><h6>Other solutions</h6> <li class="menu-item menu-item-type-custom menu-item-object-custom menu-item-105615"><a href="https://www.kaspersky.com/enterprise-security/security-operations-center-soc?icid=gl_seclistheader_acq_ona_smm__onl_b2b_securelist_main-menu_sm-team_______001391deb99c290f" data-element-id="nextgen-menu-link">Kaspersky for Security Operations Center</a> <li class="menu-item menu-item-type-custom menu-item-object-custom menu-item-105614"><a href="https://www.kaspersky.com/enterprise-security/kaspersky-iot-infrastructure-security?icid=gl_seclistheader_acq_ona_smm__onl_b2b_securelist_main-menu_sm-team_______001391deb99c290f" data-element-id="nextgen-menu-link">Kaspersky IoT Infrastructure Security</a> <li class="menu-item menu-item-type-custom menu-item-object-custom menu-item-112322"><a href="https://www.kaspersky.com/enterprise-security/kaspersky-secure-remote-workspace?icid=gl_seclistheader_acq_ona_smm__onl_b2b_securelist_main-menu_sm-team_______001391deb99c290f" data-element-id="nextgen-menu-link">Kaspersky Secure Remote Workspace</a> </ul> </ul> <li class="dropdown mega menu-item menu-item-type-custom menu-item-object-custom menu-item-has-children menu-item-87714"><a href="https://www.kaspersky.com/enterprise-security/industries?icid=gl_seclistheader_acq_ona_smm__onl_b2b_securelist_main-menu_sm-team_______001391deb99c290f" data-element-id="nextgen-menu-link">Industries</a> <ul class="submenu"> <li class="first featured featured-smaller menu-item menu-item-type-custom menu-item-object-custom menu-item-has-children menu-item-87715"> <ul class="featured section-col-l-3 no-gutter"> <li class="show-figure smaller-item icon-national-cybersecurity menu-item menu-item-type-custom menu-item-object-custom menu-item-87716"><figure><a href="https://www.kaspersky.com/enterprise-security/national-cybersecurity?icid=gl_seclistheader_acq_ona_smm__onl_b2b_securelist_main-menu_sm-team_______001391deb99c290f" data-element-id="nextgen-menu-link"><img src="https://securelist.com/wp-content/themes/securelist2020/assets/images/enterprise-menu-icons/national-cybersecurity.png"</a></figure><a href="https://www.kaspersky.com/enterprise-security/national-cybersecurity?icid=gl_seclistheader_acq_ona_smm__onl_b2b_securelist_main-menu_sm-team_______001391deb99c290f" data-element-id="nextgen-menu-link">National Cybersecurity</a><div class="desc"><p><a href="https://www.kaspersky.com/enterprise-security/national-cybersecurity?icid=gl_seclistheader_acq_ona_smm__onl_b2b_securelist_main-menu_sm-team_______001391deb99c290f">Learn More</a></p></div> <li class="show-figure smaller-item icon-industrial-cybersecurity menu-item menu-item-type-custom menu-item-object-custom menu-item-87717"><figure><a href="https://www.kaspersky.com/enterprise-security/industrial?icid=gl_seclistheader_acq_ona_smm__onl_b2b_securelist_main-menu_sm-team_______001391deb99c290f" data-element-id="nextgen-menu-link"><img src="https://securelist.com/wp-content/themes/securelist2020/assets/images/enterprise-menu-icons/industrial-cybersecurity.png"</a></figure><a href="https://www.kaspersky.com/enterprise-security/industrial?icid=gl_seclistheader_acq_ona_smm__onl_b2b_securelist_main-menu_sm-team_______001391deb99c290f" data-element-id="nextgen-menu-link">Industrial Cybersecurity</a><div class="desc"><p><a href="https://www.kaspersky.com/enterprise-security/industrial?icid=gl_seclistheader_acq_ona_smm__onl_b2b_securelist_main-menu_sm-team_______001391deb99c290f">Learn More</a></p></div> <li class="show-figure smaller-item icon-financial-cybersecurity menu-item menu-item-type-custom menu-item-object-custom menu-item-87718"><figure><a href="https://www.kaspersky.com/enterprise-security/finance?icid=gl_seclistheader_acq_ona_smm__onl_b2b_securelist_main-menu_sm-team_______001391deb99c290f" data-element-id="nextgen-menu-link"><img src="https://securelist.com/wp-content/themes/securelist2020/assets/images/enterprise-menu-icons/financial-cybersecurity.png"</a></figure><a href="https://www.kaspersky.com/enterprise-security/finance?icid=gl_seclistheader_acq_ona_smm__onl_b2b_securelist_main-menu_sm-team_______001391deb99c290f" data-element-id="nextgen-menu-link">Finance Services Cybersecurity</a><div class="desc"><p><a href="https://www.kaspersky.com/enterprise-security/finance?icid=gl_seclistheader_acq_ona_smm__onl_b2b_securelist_main-menu_sm-team_______001391deb99c290f">Learn More</a></p></div> <li class="show-figure smaller-item icon-healthcare-cybersecurity menu-item menu-item-type-custom menu-item-object-custom menu-item-87719"><figure><a href="https://www.kaspersky.com/enterprise-security/healthcare?icid=gl_seclistheader_acq_ona_smm__onl_b2b_securelist_main-menu_sm-team_______001391deb99c290f" data-element-id="nextgen-menu-link"><img src="https://securelist.com/wp-content/themes/securelist2020/assets/images/enterprise-menu-icons/healthcare-cybersecurity.png"</a></figure><a href="https://www.kaspersky.com/enterprise-security/healthcare?icid=gl_seclistheader_acq_ona_smm__onl_b2b_securelist_main-menu_sm-team_______001391deb99c290f" data-element-id="nextgen-menu-link">Healthcare Cybersecurity</a><div class="desc"><p><a href="https://www.kaspersky.com/enterprise-security/healthcare?icid=gl_seclistheader_acq_ona_smm__onl_b2b_securelist_main-menu_sm-team_______001391deb99c290f">Learn More</a></p></div> <li class="show-figure smaller-item icon-transportation-cybersecurity menu-item menu-item-type-custom menu-item-object-custom menu-item-87720"><figure><a href="https://www.kaspersky.com/enterprise-security/transportation-cybersecurity-it-infrastructure?icid=gl_seclistheader_acq_ona_smm__onl_b2b_securelist_main-menu_sm-team_______001391deb99c290f" data-element-id="nextgen-menu-link"><img src="https://securelist.com/wp-content/themes/securelist2020/assets/images/enterprise-menu-icons/transportation-cybersecurity.png"</a></figure><a href="https://www.kaspersky.com/enterprise-security/transportation-cybersecurity-it-infrastructure?icid=gl_seclistheader_acq_ona_smm__onl_b2b_securelist_main-menu_sm-team_______001391deb99c290f" data-element-id="nextgen-menu-link">Transportation Cybersecurity</a><div class="desc"><p><a href="https://www.kaspersky.com/enterprise-security/transportation-cybersecurity-it-infrastructure?icid=gl_seclistheader_acq_ona_smm__onl_b2b_securelist_main-menu_sm-team_______001391deb99c290f">Learn More</a></p></div> <li class="show-figure smaller-item icon-retail-cybersecurity menu-item menu-item-type-custom menu-item-object-custom menu-item-87721"><figure><a href="https://www.kaspersky.com/enterprise-security/retail-cybersecurity?icid=gl_seclistheader_acq_ona_smm__onl_b2b_securelist_main-menu_sm-team_______001391deb99c290f" data-element-id="nextgen-menu-link"><img src="https://securelist.com/wp-content/themes/securelist2020/assets/images/enterprise-menu-icons/retail-cybersecurity.png"</a></figure><a href="https://www.kaspersky.com/enterprise-security/retail-cybersecurity?icid=gl_seclistheader_acq_ona_smm__onl_b2b_securelist_main-menu_sm-team_______001391deb99c290f" data-element-id="nextgen-menu-link">Retail Cybersecurity</a><div class="desc"><p><a href="https://www.kaspersky.com/enterprise-security/retail-cybersecurity?icid=gl_seclistheader_acq_ona_smm__onl_b2b_securelist_main-menu_sm-team_______001391deb99c290f">Learn More</a></p></div> </ul> <li> <ul class="regular"> <li class="title"><h6>Other Industries</h6> <li class="menu-item menu-item-type-custom menu-item-object-custom menu-item-87724"><a href="https://www.kaspersky.com/enterprise-security/telecom?icid=gl_seclistheader_acq_ona_smm__onl_b2b_securelist_main-menu_sm-team_______001391deb99c290f" data-element-id="nextgen-menu-link">Telecom Cybersecurity</a> <li class="menu-item menu-item-type-custom menu-item-object-custom menu-item-87725"><a href="https://www.kaspersky.com/enterprise-security/industries?icid=gl_seclistheader_acq_ona_smm__onl_b2b_securelist_main-menu_sm-team_______001391deb99c290f" data-element-id="nextgen-menu-link">View all</a> </ul> </ul> <li class="dropdown mega menu-item menu-item-type-custom menu-item-object-custom menu-item-has-children menu-item-87726"><a href="https://www.kaspersky.com/enterprise-security/products?icid=gl_seclistheader_acq_ona_smm__onl_b2b_securelist_main-menu_sm-team_______001391deb99c290f" data-element-id="nextgen-menu-link">Products</a> <ul class="submenu"> <li class="first featured featured-smaller menu-item menu-item-type-custom menu-item-object-custom menu-item-has-children menu-item-87728"> <ul class="featured section-col-l-3 no-gutter"> <li class="show-figure smaller-item menu-item menu-item-type-custom menu-item-object-custom menu-item-112352"><a href="https://www.kaspersky.com/next?icid=gl_seclistheader_acq_ona_smm__onl_b2b_securelist_main-menu_sm-team_______001391deb99c290f" data-element-id="nextgen-menu-link"><figure><img alt="" src="https://media.kasperskydaily.com/wp-content/uploads/sites/92/2024/04/10052437/k_Next_RGB_black_icon.png"></figure>Kaspersky Next <small class="label-inline red">NEW!</small></a><div class="desc"><p><a href="https://www.kaspersky.com/next?icid=gl_seclistheader_acq_ona_smm__onl_b2b_securelist_main-menu_sm-team_______001391deb99c290f">Learn More</a></p></div> <li class="show-figure smaller-item menu-item menu-item-type-custom menu-item-object-custom menu-item-112323"><a href="https://www.kaspersky.com/enterprise-security/xdr?icid=gl_seclistheader_acq_ona_smm__onl_b2b_securelist_main-menu_sm-team_______001391deb99c290f" data-element-id="nextgen-menu-link"><span class="surtitle">Kaspersky</span>XDR</a><div class="desc"><p><a href="https://www.kaspersky.com/enterprise-security/xdr?icid=gl_seclistheader_acq_ona_smm__onl_b2b_securelist_main-menu_sm-team_______001391deb99c290f">Learn More</a></p></div> <li class="show-figure smaller-item icon-endpoint-security_products menu-item menu-item-type-custom menu-item-object-custom menu-item-87727"><figure><a href="https://www.kaspersky.com/enterprise-security/endpoint?icid=gl_seclistheader_acq_ona_smm__onl_b2b_securelist_main-menu_sm-team_______001391deb99c290f" data-element-id="nextgen-menu-link"><img src="https://securelist.com/wp-content/themes/securelist2020/assets/images/enterprise-menu-icons/endpoint-security_products.png"</a></figure><a href="https://www.kaspersky.com/enterprise-security/endpoint?icid=gl_seclistheader_acq_ona_smm__onl_b2b_securelist_main-menu_sm-team_______001391deb99c290f" data-element-id="nextgen-menu-link"><span class="surtitle">Kaspersky</span>Endpoint Security for Business</a><div class="desc"><p><a href="https://www.kaspersky.com/enterprise-security/endpoint?icid=gl_seclistheader_acq_ona_smm__onl_b2b_securelist_main-menu_sm-team_______001391deb99c290f">Learn More</a></p></div> <li class="show-figure smaller-item icon-endpoint-detection-and-response menu-item menu-item-type-custom menu-item-object-custom menu-item-112324"><figure><a href="https://www.kaspersky.com/enterprise-security/endpoint-detection-response-edr?icid=gl_seclistheader_acq_ona_smm__onl_b2b_securelist_main-menu_sm-team_______001391deb99c290f" data-element-id="nextgen-menu-link"><img src="https://securelist.com/wp-content/themes/securelist2020/assets/images/enterprise-menu-icons/endpoint-detection-and-response.png"</a></figure><a href="https://www.kaspersky.com/enterprise-security/endpoint-detection-response-edr?icid=gl_seclistheader_acq_ona_smm__onl_b2b_securelist_main-menu_sm-team_______001391deb99c290f" data-element-id="nextgen-menu-link"><span class="surtitle">Kaspersky</span>EDR Expert</a><div class="desc"><p><a href="https://www.kaspersky.com/enterprise-security/endpoint-detection-response-edr?icid=gl_seclistheader_acq_ona_smm__onl_b2b_securelist_main-menu_sm-team_______001391deb99c290f">Learn More</a></p></div> <li class="show-figure smaller-item icon-hybrid-cloud-security_products menu-item menu-item-type-custom menu-item-object-custom menu-item-87730"><figure><a href="https://www.kaspersky.com/enterprise-security/edr-security-software-solution?icid=gl_seclistheader_acq_ona_smm__onl_b2b_securelist_main-menu_sm-team_______001391deb99c290f" data-element-id="nextgen-menu-link"><img src="https://securelist.com/wp-content/themes/securelist2020/assets/images/enterprise-menu-icons/hybrid-cloud-security_products.png"</a></figure><a href="https://www.kaspersky.com/enterprise-security/edr-security-software-solution?icid=gl_seclistheader_acq_ona_smm__onl_b2b_securelist_main-menu_sm-team_______001391deb99c290f" data-element-id="nextgen-menu-link"><span class="surtitle">Kaspersky</span>EDR Optimum</a><div class="desc"><p><a href="https://www.kaspersky.com/enterprise-security/edr-security-software-solution?icid=gl_seclistheader_acq_ona_smm__onl_b2b_securelist_main-menu_sm-team_______001391deb99c290f">Learn More</a></p></div> <li class="show-figure smaller-item icon-anti-targeted-attack-platform menu-item menu-item-type-custom menu-item-object-custom menu-item-87731"><figure><a href="https://www.kaspersky.com/enterprise-security/anti-targeted-attack-platform?icid=gl_seclistheader_acq_ona_smm__onl_b2b_securelist_main-menu_sm-team_______001391deb99c290f" data-element-id="nextgen-menu-link"><img src="https://securelist.com/wp-content/themes/securelist2020/assets/images/enterprise-menu-icons/anti-targeted-attack-platform.png"</a></figure><a href="https://www.kaspersky.com/enterprise-security/anti-targeted-attack-platform?icid=gl_seclistheader_acq_ona_smm__onl_b2b_securelist_main-menu_sm-team_______001391deb99c290f" data-element-id="nextgen-menu-link"><span class="surtitle">Kaspersky</span>Anti Targeted Attack Platform</a><div class="desc"><p><a href="https://www.kaspersky.com/enterprise-security/anti-targeted-attack-platform?icid=gl_seclistheader_acq_ona_smm__onl_b2b_securelist_main-menu_sm-team_______001391deb99c290f">Learn More</a></p></div> <li class="show-figure smaller-item menu-item menu-item-type-custom menu-item-object-custom menu-item-112325"><a href="https://www.kaspersky.com/enterprise-security/cloud-security?icid=gl_seclistheader_acq_ona_smm__onl_b2b_securelist_main-menu_sm-team_______001391deb99c290f" data-element-id="nextgen-menu-link"><span class="surtitle">Kaspersky</span>Hybrid Cloud Security</a><div class="desc"><p><a href="https://www.kaspersky.com/enterprise-security/cloud-security?icid=gl_seclistheader_acq_ona_smm__onl_b2b_securelist_main-menu_sm-team_______001391deb99c290f">Learn More</a></p></div> <li class="show-figure smaller-item menu-item menu-item-type-custom menu-item-object-custom menu-item-112326"><a href="https://www.kaspersky.com/enterprise-security/sd-wan?icid=gl_seclistheader_acq_ona_smm__onl_b2b_securelist_main-menu_sm-team_______001391deb99c290f" data-element-id="nextgen-menu-link"><span class="surtitle">Kaspersky</span>SD-WAN</a><div class="desc"><p><a href="https://www.kaspersky.com/enterprise-security/sd-wan?icid=gl_seclistheader_acq_ona_smm__onl_b2b_securelist_main-menu_sm-team_______001391deb99c290f">Learn More</a></p></div> <li class="show-figure smaller-item icon-private-security-network menu-item menu-item-type-custom menu-item-object-custom menu-item-87732"><figure><a href="https://www.kaspersky.com/enterprise-security/industrial-cybersecurity?icid=gl_seclistheader_acq_ona_smm__onl_b2b_securelist_main-menu_sm-team_______001391deb99c290f" data-element-id="nextgen-menu-link"><img src="https://securelist.com/wp-content/themes/securelist2020/assets/images/enterprise-menu-icons/private-security-network.png"</a></figure><a href="https://www.kaspersky.com/enterprise-security/industrial-cybersecurity?icid=gl_seclistheader_acq_ona_smm__onl_b2b_securelist_main-menu_sm-team_______001391deb99c290f" data-element-id="nextgen-menu-link"><span class="surtitle">Kaspersky</span>Industrial CyberSecurity</a><div class="desc"><p><a href="https://www.kaspersky.com/enterprise-security/industrial-cybersecurity?icid=gl_seclistheader_acq_ona_smm__onl_b2b_securelist_main-menu_sm-team_______001391deb99c290f">Learn More</a></p></div> <li class="show-figure smaller-item icon-embedded-systems-security menu-item menu-item-type-custom menu-item-object-custom menu-item-87733"><figure><a href="https://www.kaspersky.com/enterprise-security/container-security?icid=gl_seclistheader_acq_ona_smm__onl_b2b_securelist_main-menu_sm-team_______001391deb99c290f" data-element-id="nextgen-menu-link"><img src="https://securelist.com/wp-content/themes/securelist2020/assets/images/enterprise-menu-icons/embedded-systems-security.png"</a></figure><a href="https://www.kaspersky.com/enterprise-security/container-security?icid=gl_seclistheader_acq_ona_smm__onl_b2b_securelist_main-menu_sm-team_______001391deb99c290f" data-element-id="nextgen-menu-link"><span class="surtitle">Kaspersky</span>Container Security</a><div class="desc"><p><a href="https://www.kaspersky.com/enterprise-security/container-security?icid=gl_seclistheader_acq_ona_smm__onl_b2b_securelist_main-menu_sm-team_______001391deb99c290f">Learn More</a></p></div> </ul> <li> <ul class="regular"> <li class="title"><h6>Other Products</h6> <li class="menu-item menu-item-type-custom menu-item-object-custom menu-item-112328"><a href="https://www.kaspersky.com/enterprise-security/products/internet-gateway?icid=gl_seclistheader_acq_ona_smm__onl_b2b_securelist_main-menu_sm-team_______001391deb99c290f" data-element-id="nextgen-menu-link">Kaspersky Security for Internet Gateway</a> <li class="menu-item menu-item-type-custom menu-item-object-custom menu-item-112329"><a href="https://www.kaspersky.com/enterprise-security/embedded-systems?icid=gl_seclistheader_acq_ona_smm__onl_b2b_securelist_main-menu_sm-team_______001391deb99c290f" data-element-id="nextgen-menu-link">Kaspersky Embedded Systems Security</a> <li class="menu-item menu-item-type-custom menu-item-object-custom menu-item-112330"><a href="https://www.kaspersky.com/enterprise-security/kaspersky-iot-infrastructure-security?icid=gl_seclistheader_acq_ona_smm__onl_b2b_securelist_main-menu_sm-team_______001391deb99c290f" data-element-id="nextgen-menu-link">Kaspersky IoT Infrastructure Security</a> <li class="menu-item menu-item-type-custom menu-item-object-custom menu-item-112331"><a href="https://www.kaspersky.com/enterprise-security/kaspersky-secure-remote-workspace?icid=gl_seclistheader_acq_ona_smm__onl_b2b_securelist_main-menu_sm-team_______001391deb99c290f" data-element-id="nextgen-menu-link">Kaspersky Secure Remote Workspace</a> <li class="menu-item menu-item-type-custom menu-item-object-custom menu-item-112332"><a href="https://www.kaspersky.com/enterprise-security/mail-server-security?icid=gl_seclistheader_acq_ona_smm__onl_b2b_securelist_main-menu_sm-team_______001391deb99c290f" data-element-id="nextgen-menu-link">Kaspersky Security for Mail Server</a> <li class="menu-item menu-item-type-custom menu-item-object-custom menu-item-87740"><a target="_blank" href="https://www.kaspersky.com/enterprise-security/products?icid=gl_seclistheader_acq_ona_smm__onl_b2b_securelist_main-menu_sm-team_______001391deb99c290f" data-element-id="nextgen-menu-link">View All</a> </ul> </ul> <li class="dropdown mega menu-item menu-item-type-custom menu-item-object-custom menu-item-has-children menu-item-87741"><a href="https://www.kaspersky.com/enterprise-security/services?icid=gl_seclistheader_acq_ona_smm__onl_b2b_securelist_main-menu_sm-team_______001391deb99c290f" data-element-id="nextgen-menu-link">Services</a> <ul class="submenu"> <li class="first featured featured-smaller menu-item menu-item-type-custom menu-item-object-custom menu-item-has-children menu-item-87742"> <ul class="featured section-col-l-3 no-gutter"> <li class="show-figure smaller-item icon-cybersecurity-services menu-item menu-item-type-custom menu-item-object-custom menu-item-87743"><figure><a href="https://www.kaspersky.com/enterprise-security/cybersecurity-services?icid=gl_seclistheader_acq_ona_smm__onl_b2b_securelist_main-menu_sm-team_______001391deb99c290f" data-element-id="nextgen-menu-link"><img src="https://securelist.com/wp-content/themes/securelist2020/assets/images/enterprise-menu-icons/cybersecurity-services.png"</a></figure><a href="https://www.kaspersky.com/enterprise-security/cybersecurity-services?icid=gl_seclistheader_acq_ona_smm__onl_b2b_securelist_main-menu_sm-team_______001391deb99c290f" data-element-id="nextgen-menu-link"><span class="surtitle">Kaspersky</span>Cybersecurity Services</a><div class="desc"><p><a href="https://www.kaspersky.com/enterprise-security/cybersecurity-services?icid=gl_seclistheader_acq_ona_smm__onl_b2b_securelist_main-menu_sm-team_______001391deb99c290f">Learn More</a></p></div> <li class="show-figure smaller-item menu-item menu-item-type-custom menu-item-object-custom menu-item-105619"><a href="https://www.kaspersky.com/enterprise-security/security-awareness?icid=gl_seclistheader_acq_ona_smm__onl_b2b_securelist_main-menu_sm-team_______001391deb99c290f" data-element-id="nextgen-menu-link"><span class="surtitle">Kaspersky</span>Security Awareness</a><div class="desc"><p><a href="https://www.kaspersky.com/enterprise-security/security-awareness?icid=gl_seclistheader_acq_ona_smm__onl_b2b_securelist_main-menu_sm-team_______001391deb99c290f">Learn More</a></p></div> <li class="show-figure smaller-item icon-premium-support menu-item menu-item-type-custom menu-item-object-custom menu-item-87745"><figure><a href="https://www.kaspersky.com/enterprise-security/premium-support?icid=gl_seclistheader_acq_ona_smm__onl_b2b_securelist_main-menu_sm-team_______001391deb99c290f" data-element-id="nextgen-menu-link"><img src="https://securelist.com/wp-content/themes/securelist2020/assets/images/enterprise-menu-icons/premium-support.png"</a></figure><a href="https://www.kaspersky.com/enterprise-security/premium-support?icid=gl_seclistheader_acq_ona_smm__onl_b2b_securelist_main-menu_sm-team_______001391deb99c290f" data-element-id="nextgen-menu-link"><span class="surtitle">Kaspersky</span>Premium Support</a><div class="desc"><p><a href="https://www.kaspersky.com/enterprise-security/premium-support?icid=gl_seclistheader_acq_ona_smm__onl_b2b_securelist_main-menu_sm-team_______001391deb99c290f">Learn More</a></p></div> <li class="show-figure smaller-item icon-threat-intelligence menu-item menu-item-type-custom menu-item-object-custom menu-item-87746"><figure><a href="https://www.kaspersky.com/enterprise-security/threat-intelligence?icid=gl_seclistheader_acq_ona_smm__onl_b2b_securelist_main-menu_sm-team_______001391deb99c290f" data-element-id="nextgen-menu-link"><img src="https://securelist.com/wp-content/themes/securelist2020/assets/images/enterprise-menu-icons/threat-intelligence.png"</a></figure><a href="https://www.kaspersky.com/enterprise-security/threat-intelligence?icid=gl_seclistheader_acq_ona_smm__onl_b2b_securelist_main-menu_sm-team_______001391deb99c290f" data-element-id="nextgen-menu-link"><span class="surtitle">Kaspersky</span>Threat Intelligence</a><div class="desc"><p><a href="https://www.kaspersky.com/enterprise-security/threat-intelligence?icid=gl_seclistheader_acq_ona_smm__onl_b2b_securelist_main-menu_sm-team_______001391deb99c290f">Learn More</a></p></div> <li class="show-figure smaller-item icon-incident-response menu-item menu-item-type-custom menu-item-object-custom menu-item-87748"><figure><a href="https://www.kaspersky.com/enterprise-security/managed-detection-and-response?icid=gl_seclistheader_acq_ona_smm__onl_b2b_securelist_main-menu_sm-team_______001391deb99c290f" data-element-id="nextgen-menu-link"><img src="https://securelist.com/wp-content/themes/securelist2020/assets/images/enterprise-menu-icons/incident-response.png"</a></figure><a href="https://www.kaspersky.com/enterprise-security/managed-detection-and-response?icid=gl_seclistheader_acq_ona_smm__onl_b2b_securelist_main-menu_sm-team_______001391deb99c290f" data-element-id="nextgen-menu-link"><span class="surtitle">Kaspersky</span>Managed Detection and Response</a><div class="desc"><p><a href="https://www.kaspersky.com/enterprise-security/managed-detection-and-response?icid=gl_seclistheader_acq_ona_smm__onl_b2b_securelist_main-menu_sm-team_______001391deb99c290f">Learn More</a></p></div> <li class="show-figure smaller-item icon-threat-hunting menu-item menu-item-type-custom menu-item-object-custom menu-item-87747"><figure><a href="https://www.kaspersky.com/enterprise-security/compromise-assessment?icid=gl_seclistheader_acq_ona_smm__onl_b2b_securelist_main-menu_sm-team_______001391deb99c290f" data-element-id="nextgen-menu-link"><img src="https://securelist.com/wp-content/themes/securelist2020/assets/images/enterprise-menu-icons/threat-hunting.png"</a></figure><a href="https://www.kaspersky.com/enterprise-security/compromise-assessment?icid=gl_seclistheader_acq_ona_smm__onl_b2b_securelist_main-menu_sm-team_______001391deb99c290f" data-element-id="nextgen-menu-link"><span class="surtitle">Kaspersky</span>Compromise Assessment</a><div class="desc"><p><a href="https://www.kaspersky.com/enterprise-security/compromise-assessment?icid=gl_seclistheader_acq_ona_smm__onl_b2b_securelist_main-menu_sm-team_______001391deb99c290f">Learn More</a></p></div> <li class="show-figure smaller-item icon-threat-hunting menu-item menu-item-type-custom menu-item-object-custom menu-item-112333"><figure><a href="https://www.kaspersky.com/enterprise-security/soc-consulting?icid=gl_seclistheader_acq_ona_smm__onl_b2b_securelist_main-menu_sm-team_______001391deb99c290f" data-element-id="nextgen-menu-link"><img src="https://securelist.com/wp-content/themes/securelist2020/assets/images/enterprise-menu-icons/threat-hunting.png"</a></figure><a href="https://www.kaspersky.com/enterprise-security/soc-consulting?icid=gl_seclistheader_acq_ona_smm__onl_b2b_securelist_main-menu_sm-team_______001391deb99c290f" data-element-id="nextgen-menu-link"><span class="surtitle">Kaspersky</span>SOC Consulting</a><div class="desc"><p><a href="https://www.kaspersky.com/enterprise-security/soc-consulting?icid=gl_seclistheader_acq_ona_smm__onl_b2b_securelist_main-menu_sm-team_______001391deb99c290f">Learn More</a></p></div> </ul> <li> <ul class="regular"> <li class="title"><h6>Other Services</h6> <li class="menu-item menu-item-type-custom menu-item-object-custom menu-item-87751"><a href="https://www.kaspersky.com/enterprise-security/professional-services?icid=gl_seclistheader_acq_ona_smm__onl_b2b_securelist_main-menu_sm-team_______001391deb99c290f" data-element-id="nextgen-menu-link">Kaspersky Professional Services</a> <li class="menu-item menu-item-type-custom menu-item-object-custom menu-item-87752"><a href="https://www.kaspersky.com/enterprise-security/incident-response?icid=gl_seclistheader_acq_ona_smm__onl_b2b_securelist_main-menu_sm-team_______001391deb99c290f" data-element-id="nextgen-menu-link">Kaspersky Incident Response</a> <li class="menu-item menu-item-type-custom menu-item-object-custom menu-item-87753"><a href="https://www.kaspersky.com/enterprise-security/cyber-security-training?icid=gl_seclistheader_acq_ona_smm__onl_b2b_securelist_main-menu_sm-team_______001391deb99c290f" data-element-id="nextgen-menu-link">Kaspersky Cybersecurity Training</a> <li class="menu-item menu-item-type-custom menu-item-object-custom menu-item-87755"><a href="https://www.kaspersky.com/enterprise-security/services?icid=gl_seclistheader_acq_ona_smm__onl_b2b_securelist_main-menu_sm-team_______001391deb99c290f" data-element-id="nextgen-menu-link">View All</a> </ul> </ul> <li class="dropdown menu-item menu-item-type-custom menu-item-object-custom menu-item-has-children menu-item-87756"><a href="https://www.kaspersky.com/enterprise-security/resources?icid=gl_seclistheader_acq_ona_smm__onl_b2b_securelist_main-menu_sm-team_______001391deb99c290f" data-element-id="nextgen-menu-link">Resource Center</a> <ul class="submenu"> <li class="menu-item menu-item-type-custom menu-item-object-custom menu-item-87757"><a href="https://www.kaspersky.com/enterprise-security/resources/case-studies?icid=gl_seclistheader_acq_ona_smm__onl_b2b_securelist_main-menu_sm-team_______001391deb99c290f" data-element-id="nextgen-menu-link">Case Studies</a> <li class="menu-item menu-item-type-custom menu-item-object-custom menu-item-87758"><a href="https://www.kaspersky.com/enterprise-security/resources/white-papers?icid=gl_seclistheader_acq_ona_smm__onl_b2b_securelist_main-menu_sm-team_______001391deb99c290f" data-element-id="nextgen-menu-link">White Papers</a> <li class="menu-item menu-item-type-custom menu-item-object-custom menu-item-87759"><a href="https://www.kaspersky.com/enterprise-security/resources/data-sheets?icid=gl_seclistheader_acq_ona_smm__onl_b2b_securelist_main-menu_sm-team_______001391deb99c290f" data-element-id="nextgen-menu-link">Datasheets</a> <li class="menu-item menu-item-type-custom menu-item-object-custom menu-item-87760"><a href="https://www.kaspersky.com/enterprise-security/wiki-section/home?icid=gl_seclistheader_acq_ona_smm__onl_b2b_securelist_main-menu_sm-team_______001391deb99c290f" data-element-id="nextgen-menu-link">Technologies</a> <li class="menu-item menu-item-type-custom menu-item-object-custom menu-item-105620"><a href="https://www.kaspersky.com/MITRE?icid=gl_seclistheader_acq_ona_smm__onl_b2b_securelist_main-menu_sm-team_______001391deb99c290f" data-element-id="nextgen-menu-link">MITRE ATT&CK</a> </ul> <li class="dropdown menu-item menu-item-type-custom menu-item-object-custom menu-item-has-children menu-item-87761"><a href="https://www.kaspersky.com/about?icid=gl_seclistheader_acq_ona_smm__onl_b2b_securelist_main-menu_sm-team_______001391deb99c290f" data-element-id="nextgen-menu-link">About Us</a> <ul class="submenu"> <li class="menu-item menu-item-type-custom menu-item-object-custom menu-item-105621"><a href="https://www.kaspersky.com/about/transparency?icid=gl_seclistheader_acq_ona_smm__onl_b2b_securelist_main-menu_sm-team_______001391deb99c290f" data-element-id="nextgen-menu-link">Transparency</a> <li class="menu-item menu-item-type-custom menu-item-object-custom menu-item-105622"><a href="https://www.kaspersky.com/about/press-releases?icid=gl_seclistheader_acq_ona_smm__onl_b2b_securelist_main-menu_sm-team_______001391deb99c290f" data-element-id="nextgen-menu-link">Corporate News</a> <li class="menu-item menu-item-type-custom menu-item-object-custom menu-item-105623"><a href="https://press.kaspersky.com/?icid=gl_seclistheader_acq_ona_smm__onl_b2b_securelist_main-menu_sm-team_______001391deb99c290f" data-element-id="nextgen-menu-link">Press Center</a> <li class="menu-item menu-item-type-custom menu-item-object-custom menu-item-105624"><a href="https://www.kaspersky.com/about/careers?icid=gl_seclistheader_acq_ona_smm__onl_b2b_securelist_main-menu_sm-team_______001391deb99c290f" data-element-id="nextgen-menu-link">Careers</a> <li class="menu-item menu-item-type-custom menu-item-object-custom menu-item-105626"><a href="https://www.kaspersky.com/about/sponsorships/?icid=gl_seclistheader_acq_ona_smm__onl_b2b_securelist_main-menu_sm-team_______001391deb99c290f" data-element-id="nextgen-menu-link">Sponsorship</a> <li class="menu-item menu-item-type-custom menu-item-object-custom menu-item-105627"><a href="https://www.kaspersky.com/about/policy-blog?icid=gl_seclistheader_acq_ona_smm__onl_b2b_securelist_main-menu_sm-team_______001391deb99c290f" data-element-id="nextgen-menu-link">Policy Blog</a> <li class="menu-item menu-item-type-custom menu-item-object-custom menu-item-105628"><a href="https://www.kaspersky.com/about/contact?icid=gl_seclistheader_acq_ona_smm__onl_b2b_securelist_main-menu_sm-team_______001391deb99c290f" data-element-id="nextgen-menu-link">Contacts</a> </ul> <li class="menu-item menu-item-type-custom menu-item-object-custom menu-item-87762"><a href="https://www.kaspersky.com/gdpr?icid=gl_seclistheader_acq_ona_smm__onl_b2b_securelist_main-menu_sm-team_______001391deb99c290f" data-element-id="nextgen-menu-link">GDPR</a> </ul> </nav> </div> </header> <div class="mobile-menu-wrapper mobile-menu-wrapper--dark"> <ul class="mobile-nav" data-back="Back"> <li class="selector"> <a data-element-id="subscribe-button" href="#modal-newsletter" class="button-link js-modal-open"><i class="font-icons icon-envelope"></i>Subscribe</a> <a href="#" class="button-link c-theme-switcher js-theme-switcher"><i class="font-icons icon-moon"></i> Dark mode<span class="u-hidden u-inline--dark"> off</span></a> <a data-element-id="login-button" href="#" class="button-link js-kaspersky-sso-login"><svg class="o-icon o-svg-icon"><use xmlns:xlink="http://www.w3.org/1999/xlink" xlink:href="https://securelist.com/wp-content/themes/securelist2020/assets/sprite/icons.svg#icon-user"></use></svg>Login</a> </li> <li class="title"> <span>Securelist menu</span> </li> <li class="parent" data-parent data-icon="top-item"><a data-element-id="lang-selector" href="#" class=""><i class="top-item"></i><span>English</span></a><ul class="submenu"><li class="menu-item"><a href="https://securelist.ru">Russian</a></li><li class="menu-item"><a href="https://securelist.lat">Spanish</a></li></ul> <li class="parent" data-parent="Existing Customers" data-icon="font-icons top-item"><a rel="Existing Customers" href="#"><i class="font-icons top-item"></i><span>Existing Customers</span></a> <ul class="submenu"> <li class="parent" data-parent="Personal" data-icon="top-item"><a rel="Personal" href="#"><i class="top-item"></i><span>Personal</span></a> <ul class="submenu"> <li class="menu-item menu-item-type-custom menu-item-object-custom menu-item-87860"><a href="https://my.kaspersky.com/?icid=gl_seclistheader_acq_ona_smm__onl_b2b_securelist_mobmen_sm-team_______03880766cb97f3a8">My Kaspersky</a> <li class="menu-item menu-item-type-custom menu-item-object-custom menu-item-105987"><a href="https://www.kaspersky.com/renewal-center/home?icid=gl_seclistheader_acq_ona_smm__onl_b2b_securelist_mobmen_sm-team_______03880766cb97f3a8">Renew your product</a> <li class="menu-item menu-item-type-custom menu-item-object-custom menu-item-105988"><a href="https://www.kaspersky.com/downloads?icid=gl_seclistheader_acq_ona_smm__onl_b2b_securelist_mobmen_sm-team_______03880766cb97f3a8">Update your product</a> <li class="menu-item menu-item-type-custom menu-item-object-custom menu-item-105989"><a href="https://support.kaspersky.com/?icid=gl_seclistheader_acq_ona_smm__onl_b2b_securelist_mobmen_sm-team_______03880766cb97f3a8">Customer support</a> </ul> <li class="parent" data-parent="Business" data-icon="top-item"><a rel="Business" href="#"><i class="top-item"></i><span>Business</span></a> <ul class="submenu"> <li class="menu-item menu-item-type-custom menu-item-object-custom menu-item-105991"><a href="https://ksos.kaspersky.com/?icid=gl_seclistheader_acq_ona_smm__onl_b2b_securelist_mobmen_sm-team_______03880766cb97f3a8">KSOS portal</a> <li class="menu-item menu-item-type-custom menu-item-object-custom menu-item-105992"><a href="https://cloud.kaspersky.com/?icid=gl_seclistheader_acq_ona_smm__onl_b2b_securelist_mobmen_sm-team_______03880766cb97f3a8">Kaspersky Business Hub</a> <li class="menu-item menu-item-type-custom menu-item-object-custom menu-item-105993"><a href="https://support.kaspersky.com/?icid=gl_seclistheader_acq_ona_smm__onl_b2b_securelist_mobmen_sm-team_______03880766cb97f3a8">Technical Support</a> <li class="menu-item menu-item-type-custom menu-item-object-custom menu-item-105994"><a href="https://www.kaspersky.com/small-to-medium-business-security/resources?icid=gl_seclistheader_acq_ona_smm__onl_b2b_securelist_mobmen_sm-team_______03880766cb97f3a8">Knowledge Base</a> <li class="menu-item menu-item-type-custom menu-item-object-custom menu-item-105995"><a href="https://www.kaspersky.com/renewal-center/vsb?icid=gl_seclistheader_acq_ona_smm__onl_b2b_securelist_mobmen_sm-team_______03880766cb97f3a8">Renew License</a> </ul> </ul> <li class="parent" data-parent="Home" data-icon="font-icons top-item"><a rel="Home" href="#"><i class="font-icons top-item"></i><span>Home</span></a> <ul class="submenu"> <li class="menu-item menu-item-type-custom menu-item-object-custom menu-item-87778"><a href="https://www.kaspersky.com/home-security?icid=gl_seclistheader_acq_ona_smm__onl_b2b_securelist_mobmen_sm-team_______03880766cb97f3a8">Products</a> <li class="menu-item menu-item-type-custom menu-item-object-custom menu-item-87771"><a href="https://www.kaspersky.com/downloads?icid=gl_seclistheader_acq_ona_smm__onl_b2b_securelist_mobmen_sm-team_______03880766cb97f3a8">Trials&Update</a> <li class="menu-item menu-item-type-custom menu-item-object-custom menu-item-87859"><a href="https://www.kaspersky.com/resource-center?icid=gl_seclistheader_acq_ona_smm__onl_b2b_securelist_mobmen_sm-team_______03880766cb97f3a8">Resource Center</a> </ul> <li class="parent" data-parent="Business" data-icon="top-item"><a rel="Business" href="#"><i class="top-item"></i><span>Business</span></a> <ul class="submenu"> <li class="menu-item menu-item-type-custom menu-item-object-custom menu-item-112353"><a href="https://www.kaspersky.com/next?icid=gl_seclistheader_acq_ona_smm__onl_b2b_securelist_mobmen_sm-team_______03880766cb97f3a8">Kaspersky Next</a> <li class="menu-item menu-item-type-custom menu-item-object-custom menu-item-87776"><a href="https://www.kaspersky.com/small-business-security?icid=gl_seclistheader_acq_ona_smm__onl_b2b_securelist_mobmen_sm-team_______03880766cb97f3a8">Small Business (1-50 employees)</a> <li class="menu-item menu-item-type-custom menu-item-object-custom menu-item-87782"><a href="https://www.kaspersky.com/small-to-medium-business-security?icid=gl_seclistheader_acq_ona_smm__onl_b2b_securelist_mobmen_sm-team_______03880766cb97f3a8">Medium Business (51-999 employees)</a> <li class="menu-item menu-item-type-custom menu-item-object-custom menu-item-87783"><a href="https://www.kaspersky.com/enterprise-security?icid=gl_seclistheader_acq_ona_smm__onl_b2b_securelist_mobmen_sm-team_______03880766cb97f3a8">Enterprise (1000+ employees)</a> </ul> <li class="splitter"></li> <li class="title"><span>Securelist</span> <li class="parent" data-parent="" data-icon="top-item"><a href="https://securelist.com/threat-categories/"><i class="top-item"></i><span>Threats</span></a> <ul class="submenu"> <li class="menu-item menu-item-type-taxonomy menu-item-object-threat-category current-post-ancestor current-menu-parent current-post-parent menu-item-89472"><a href="https://securelist.com/threat-category/financial-threats/">Financial threats</a> <li class="menu-item menu-item-type-taxonomy menu-item-object-threat-category menu-item-89467"><a href="https://securelist.com/threat-category/mobile-threats/">Mobile threats</a> <li class="menu-item menu-item-type-taxonomy menu-item-object-threat-category menu-item-89471"><a href="https://securelist.com/threat-category/web-threats/">Web threats</a> <li class="menu-item menu-item-type-taxonomy menu-item-object-threat-category menu-item-89468"><a href="https://securelist.com/threat-category/secure-environment/">Secure environment (IoT)</a> <li class="menu-item menu-item-type-taxonomy menu-item-object-threat-category menu-item-89470"><a href="https://securelist.com/threat-category/vulnerabilities-and-exploits/">Vulnerabilities and exploits</a> <li class="menu-item menu-item-type-taxonomy menu-item-object-threat-category menu-item-89466"><a href="https://securelist.com/threat-category/spam-and-phishing/">Spam and Phishing</a> <li class="menu-item menu-item-type-taxonomy menu-item-object-threat-category menu-item-89469"><a href="https://securelist.com/threat-category/industrial-threats/">Industrial threats</a> </ul> <li class="parent" data-parent="" data-icon="top-item"><a href="https://securelist.com/categories/"><i class="top-item"></i><span>Categories</span></a> <ul class="submenu"> <li class="menu-item menu-item-type-taxonomy menu-item-object-category current-post-ancestor current-menu-parent current-post-parent menu-item-87880"><a href="https://securelist.com/category/apt-reports/">APT reports</a> <li class="menu-item menu-item-type-taxonomy menu-item-object-category menu-item-87881"><a href="https://securelist.com/category/incidents/">Incidents</a> <li class="menu-item menu-item-type-taxonomy menu-item-object-category menu-item-87886"><a href="https://securelist.com/category/research/">Research</a> <li class="menu-item menu-item-type-taxonomy menu-item-object-category menu-item-89476"><a href="https://securelist.com/category/malware-reports/">Malware reports</a> <li class="menu-item menu-item-type-taxonomy menu-item-object-category menu-item-89479"><a href="https://securelist.com/category/spam-and-phishing-reports/">Spam and phishing reports</a> <li class="menu-item menu-item-type-taxonomy menu-item-object-category menu-item-89477"><a href="https://securelist.com/category/publications/">Publications</a> <li class="menu-item menu-item-type-taxonomy menu-item-object-category menu-item-87882"><a href="https://securelist.com/category/kaspersky-security-bulletin/">Kaspersky Security Bulletin</a> </ul> <li class="menu-item menu-item-type-post_type menu-item-object-page current_page_parent menu-item-101953"><a href="https://securelist.com/all/">Archive</a> <li class="menu-item menu-item-type-post_type menu-item-object-page menu-item-87899"><a href="https://securelist.com/tags/">All Tags</a> <li class="menu-item menu-item-type-custom menu-item-object-custom menu-item-101954"><a href="https://apt.securelist.com/?icid=gl_seclistheader_acq_ona_smm__onl_b2b_securelist_mobmen_sm-team_______03880766cb97f3a8">APT Logbook</a> <li class="menu-item menu-item-type-custom menu-item-object-custom menu-item-101955"><a href="https://securelist.com/webinars/">Webinars</a> <li class="menu-item menu-item-type-custom menu-item-object-custom menu-item-102687"><a href="https://statistics.securelist.com/?icid=gl_seclistheader_acq_ona_smm__onl_b2b_securelist_mobmen_sm-team_______03880766cb97f3a8">Statistics</a> <li class="menu-item menu-item-type-custom menu-item-object-custom menu-item-87901"><a target="_blank" href="https://encyclopedia.kaspersky.com/?icid=gl_seclistheader_acq_ona_smm__onl_b2b_securelist_mobmen_sm-team_______03880766cb97f3a8">Encyclopedia</a> <li class="menu-item menu-item-type-custom menu-item-object-custom menu-item-87902"><a target="_blank" href="https://threats.kaspersky.com/?icid=gl_seclistheader_acq_ona_smm__onl_b2b_securelist_mobmen_sm-team_______03880766cb97f3a8">Threats descriptions</a> <li class="menu-item menu-item-type-post_type menu-item-object-page menu-item-105984"><a href="https://securelist.com/ksb-2021/">KSB 2021</a> <li class="splitter"></li> <li class="parent" data-parent="About Us" data-icon="top-item"><a rel="About Us" href="#"><i class="top-item"></i><span>About Us</span></a> <ul class="submenu"> <li class="menu-item menu-item-type-custom menu-item-object-custom menu-item-87792"><a href="https://www.kaspersky.com/about/company?icid=gl_seclistheader_acq_ona_smm__onl_b2b_securelist_mobmen_sm-team_______03880766cb97f3a8">Company</a> <li class="menu-item menu-item-type-custom menu-item-object-custom menu-item-87968"><a href="https://www.kaspersky.com/transparency?icid=gl_seclistheader_acq_ona_smm__onl_b2b_securelist_mobmen_sm-team_______03880766cb97f3a8">Transparency</a> <li class="menu-item menu-item-type-custom menu-item-object-custom menu-item-87971"><a href="https://www.kaspersky.com/about/press-releases?icid=gl_seclistheader_acq_ona_smm__onl_b2b_securelist_mobmen_sm-team_______03880766cb97f3a8">Corporate News</a> <li class="menu-item menu-item-type-custom menu-item-object-custom menu-item-87796"><a href="https://press.kaspersky.com/?icid=gl_seclistheader_acq_ona_smm__onl_b2b_securelist_mobmen_sm-team_______03880766cb97f3a8">Press Center</a> <li class="menu-item menu-item-type-custom menu-item-object-custom menu-item-87797"><a href="https://www.kaspersky.com/about/careers?icid=gl_seclistheader_acq_ona_smm__onl_b2b_securelist_mobmen_sm-team_______03880766cb97f3a8">Careers</a> <li class="menu-item menu-item-type-custom menu-item-object-custom menu-item-87798"><a href="https://www.kaspersky.com/about/sponsorships/?icid=gl_seclistheader_acq_ona_smm__onl_b2b_securelist_mobmen_sm-team_______03880766cb97f3a8">Sponsorships</a> <li class="menu-item menu-item-type-custom menu-item-object-custom menu-item-87970"><a href="https://www.kaspersky.com/about/policy-blog?icid=gl_seclistheader_acq_ona_smm__onl_b2b_securelist_mobmen_sm-team_______03880766cb97f3a8">Policy Blog</a> <li class="menu-item menu-item-type-custom menu-item-object-custom menu-item-87793"><a href="https://www.kaspersky.com/about/contact?icid=gl_seclistheader_acq_ona_smm__onl_b2b_securelist_mobmen_sm-team_______03880766cb97f3a8">Contacts</a> </ul> <li class="parent" data-parent="Partners" data-icon="top-item"><a rel="Partners" href="#"><i class="top-item"></i><span>Partners</span></a> <ul class="submenu"> <li class="menu-item menu-item-type-custom menu-item-object-custom menu-item-87768"><a href="https://www.kasperskypartners.com/?icid=gl_seclistheader_acq_ona_smm__onl_b2b_securelist_mobmen_sm-team_______03880766cb97f3a8">Find a Partner</a> <li class="menu-item menu-item-type-custom menu-item-object-custom menu-item-87769"><a href="https://www.kaspersky.com/partners?icid=gl_seclistheader_acq_ona_smm__onl_b2b_securelist_mobmen_sm-team_______03880766cb97f3a8">Partner Program</a> </ul> </ul> <div class="background-overlay"></div> </div> <div class="c-page"> <section class="c-block c-block--bg-image c-page-header js-sticky-header" style="background-image: url(https://securelist.com/wp-content/themes/securelist2020/assets/images/content/bg-gradient-01.jpg);"> <div class="o-container-fluid"> <div class="c-page-header__wrapper u-mt-spacer-base-"> <div class="o-row o-row--small-gutters"> <div class="o-col-3@md u-mt-spacer-base-"> <a data-element-id="content-menu" href="#" class="c-page-nav-toggle js-main-menu-toggle"> <span class="c-page-nav-toggle__icon"> <span></span> <span></span> <span></span> </span> <span class="c-page-nav-toggle__text">Content menu</span> <span class="c-page-nav-toggle__text c-page-nav-toggle__text--active">Close</span> </a> </div> <div class="o-col-6@md"> <form class="c-page-search__form js-main-search-popup js-wizardinfosys_autosearch_form" full_search_url="https://securelist.com/?s=%q%" action="https://securelist.com/" method="get"> <div class="c-form-element c-form-element--style-fill"> <div class="c-form-element__field wp_autosearch_form_wrapper"> <input name="s" class="c-form-element__text wp_autosearch_input ac_input" data-webinars="" type="text" value="" placeholder="Search..." autocomplete="off"> </div> </div> <button class="c-button c-button--icon wp_autosearch_submit"><svg class="o-icon o-svg-icon o-svg-large"><use xmlns:xlink="http://www.w3.org/1999/xlink" xlink:href="https://securelist.com/wp-content/themes/securelist2020/assets/sprite/icons.svg#icon-search"></use></svg></button> </form> </div> <div class="o-col-3@md c-page-header__utilities"> <a data-element-id="subscribe-button" href="#modal-newsletter" class="c-button c-subscribe-modal-toggle js-modal-open"><svg class="o-icon o-svg-icon o-svg-large"><use xmlns:xlink="http://www.w3.org/1999/xlink" xlink:href="https://securelist.com/wp-content/themes/securelist2020/assets/sprite/icons.svg#icon-envelope"></use></svg><span>Subscribe</span></a> <div class="c-page-header__dropdown-wrapper"> </div> </div> </div> </div> </div> <nav class="c-page-nav c-color--invert"> <div class="o-container-fluid"> <div class="o-row o-row--small-gutters"> <div class="o-col-3@md c-page-nav__info"> <div class="c-site-logo__group"> <a data-element-id="content-menu-securelist-logo" href="https://securelist.com/" class="c-site-logo c-site-logo--basic c-site-logo--sm"></a> <span class="c-site-tagline">by Kaspersky</span> </div> <a data-element-id="content-menu-dark-mode" href="#" class="c-theme-switcher js-theme-switcher"><i class="font-icons icon-moon"></i> Dark mode<span class="u-hidden u-inline--dark"> off</span></a> </div> <div class="o-col-9@md"> <div class="c-page-menu"> <div class="o-row c-page-menu__dividers"> <div class="o-col-4@md"><div class="c-accordion js-accordion c-accordion--reset@md"><p id="menu-item-226" class="menu-item-threats section-title accordion menu-item menu-item-type-custom menu-item-object-custom menu-item-has-children menu-item-226 c-page-menu__title u-hidden u-block@md"><a href="https://securelist.com/threat-categories/" data-element-id="content-menu-link">Threats</a></p><div class="c-accordion-toggle js-accordion-toggle"><p>Threats</p></div><div class="c-accordion-container js-accordion-container"> <ul class="sub-menu"> <li id="menu-item-99839" class="menu-item menu-item-type-taxonomy menu-item-object-threat-category menu-item-99839"><a href="https://securelist.com/threat-category/apt-targeted-attacks/" data-element-id="content-menu-link">APT (Targeted attacks)</a></li> <li id="menu-item-89457" class="menu-item menu-item-type-custom menu-item-object-custom menu-item-89457"><a href="https://securelist.com/threat-category/secure-environment/" data-element-id="content-menu-link">Secure environment (IoT)</a></li> <li id="menu-item-63231" class="topic-item vulnerabilities menu-item menu-item-type-custom menu-item-object-custom menu-item-63231"><a href="https://securelist.com/threat-category/mobile-threats/" data-element-id="content-menu-link">Mobile threats</a></li> <li id="menu-item-63229" class="topic-item detected menu-item menu-item-type-custom menu-item-object-custom menu-item-63229"><a href="https://securelist.com/threat-category/financial-threats/" data-element-id="content-menu-link">Financial threats</a></li> <li id="menu-item-89458" class="menu-item menu-item-type-custom menu-item-object-custom menu-item-89458"><a href="https://securelist.com/threat-category/spam-and-phishing/" data-element-id="content-menu-link">Spam and phishing</a></li> <li id="menu-item-99840" class="menu-item menu-item-type-taxonomy menu-item-object-threat-category menu-item-99840"><a href="https://securelist.com/threat-category/industrial-threats/" data-element-id="content-menu-link">Industrial threats</a></li> <li id="menu-item-89465" class="menu-item menu-item-type-taxonomy menu-item-object-threat-category menu-item-89465"><a href="https://securelist.com/threat-category/web-threats/" data-element-id="content-menu-link">Web threats</a></li> <li id="menu-item-89459" class="menu-item menu-item-type-custom menu-item-object-custom menu-item-89459"><a href="https://securelist.com/threat-category/vulnerabilities-and-exploits/" data-element-id="content-menu-link">Vulnerabilities and exploits</a></li> <li id="menu-item-113855" class="menu-item menu-item-type-custom menu-item-object-custom menu-item-113855"><a href="https://securelist.com/threat-categories/" data-element-id="content-menu-link">All threats</a></li> </ul> </li> </li></ul></div></div></div><div class="o-col-4@md"><div class="c-accordion js-accordion c-accordion--reset@md"><p id="menu-item-230" class="menu-item-categories section-title accordion menu-item menu-item-type-custom menu-item-object-custom menu-item-has-children menu-item-230 c-page-menu__title u-hidden u-block@md"><a href="https://securelist.com/categories/" data-element-id="content-menu-link">Categories</a></p><div class="c-accordion-toggle js-accordion-toggle"><p>Categories</p></div><div class="c-accordion-container js-accordion-container"> <ul class="sub-menu"> <li id="menu-item-84158" class="menu-item menu-item-type-taxonomy menu-item-object-category current-post-ancestor current-menu-parent current-post-parent menu-item-84158"><a href="https://securelist.com/category/apt-reports/" data-element-id="content-menu-link">APT reports</a></li> <li id="menu-item-99841" class="menu-item menu-item-type-taxonomy menu-item-object-category menu-item-99841"><a href="https://securelist.com/category/malware-descriptions/" data-element-id="content-menu-link">Malware descriptions</a></li> <li id="menu-item-84160" class="menu-item menu-item-type-taxonomy menu-item-object-category menu-item-84160"><a href="https://securelist.com/category/kaspersky-security-bulletin/" data-element-id="content-menu-link">Security Bulletin</a></li> <li id="menu-item-84161" class="menu-item menu-item-type-taxonomy menu-item-object-category menu-item-84161"><a href="https://securelist.com/category/malware-reports/" data-element-id="content-menu-link">Malware reports</a></li> <li id="menu-item-89460" class="menu-item menu-item-type-taxonomy menu-item-object-category menu-item-89460"><a href="https://securelist.com/category/spam-and-phishing-reports/" data-element-id="content-menu-link">Spam and phishing reports</a></li> <li id="menu-item-99842" class="menu-item menu-item-type-taxonomy menu-item-object-category menu-item-99842"><a href="https://securelist.com/category/security-technologies/" data-element-id="content-menu-link">Security technologies</a></li> <li id="menu-item-84165" class="menu-item menu-item-type-taxonomy menu-item-object-category menu-item-84165"><a href="https://securelist.com/category/research/" data-element-id="content-menu-link">Research</a></li> <li id="menu-item-84164" class="menu-item menu-item-type-taxonomy menu-item-object-category menu-item-84164"><a href="https://securelist.com/category/publications/" data-element-id="content-menu-link">Publications</a></li> <li id="menu-item-113876" class="menu-item menu-item-type-custom menu-item-object-custom menu-item-113876"><a href="https://securelist.com/categories/" data-element-id="content-menu-link">All categories</a></li> </ul> </li> </li></ul></div></div></div><div class="o-col-4@md"><p id="menu-item-277" class="menu-item-tags section-title after-accordion menu-item menu-item-type-custom menu-item-object-custom menu-item-has-children menu-item-277 c-page-menu__title u-hidden u-block@md"><a data-element-id="content-menu-link">Other sections</a></p> <ul class="sub-menu"> <li id="menu-item-100526" class="menu-item menu-item-type-custom menu-item-object-custom menu-item-100526"><a href="https://securelist.com/all/" data-element-id="content-menu-link">Archive</a></li> <li id="menu-item-57837" class="show-all-tags menu-item menu-item-type-post_type menu-item-object-page menu-item-57837"><a href="https://securelist.com/tags/" data-element-id="content-menu-link">All tags</a></li> <li id="menu-item-101956" class="menu-item menu-item-type-custom menu-item-object-custom menu-item-101956"><a href="https://securelist.com/webinars/" data-element-id="content-menu-link">Webinars</a></li> <li id="menu-item-101126" class="menu-item menu-item-type-custom menu-item-object-custom menu-item-101126"><a target="_blank" rel="noopener noreferrer" href="https://apt.securelist.com/?icid=gl_seclistheader_acq_ona_smm__onl_b2b_securelist_main-menu_sm-team_______001391deb99c290f" data-element-id="content-menu-link">APT Logbook</a></li> <li id="menu-item-241" class="menu-item menu-item-type-custom menu-item-object-custom menu-item-241"><a target="_blank" rel="noopener noreferrer" href="https://statistics.securelist.com/?icid=gl_seclistheader_acq_ona_smm__onl_b2b_securelist_main-menu_sm-team_______001391deb99c290f" data-element-id="content-menu-link">Statistics</a></li> <li id="menu-item-86643" class="menu-item menu-item-type-custom menu-item-object-custom menu-item-86643"><a target="_blank" rel="noopener noreferrer" href="https://encyclopedia.kaspersky.com/?icid=gl_seclistheader_acq_ona_smm__onl_b2b_securelist_main-menu_sm-team_______001391deb99c290f" data-element-id="content-menu-link">Encyclopedia</a></li> <li id="menu-item-58141" class="menu-item menu-item-type-custom menu-item-object-custom menu-item-58141"><a target="_blank" rel="noopener noreferrer" href="https://threats.kaspersky.com/?icid=gl_seclistheader_acq_ona_smm__onl_b2b_securelist_main-menu_sm-team_______001391deb99c290f" data-element-id="content-menu-link">Threats descriptions</a></li> <li id="menu-item-115044" class="menu-item menu-item-type-custom menu-item-object-custom menu-item-115044"><a href="https://securelist.com/ksb-2024/" data-element-id="content-menu-link">KSB 2024</a></li> </ul> </li> </div> </div> </div> </div> </div> </div> </nav> </section> <section class="c-block c-block--spacing-t@md c-block--spacing-b-small@md c-block--divider-internal" style="z-index:10"> <div class="o-container-fluid"> <article class="c-article"> <header class="c-article__header"> <figure class="c-article__figure u-hidden@md"> <img width="800" height="450" src="https://media.kasperskycontenthub.com/wp-content/uploads/sites/43/2019/05/08094429/fintech_abstract-800x450.jpg" class="attachment-securelist-2020-thumbnail size-securelist-2020-thumbnail wp-post-image" alt="" decoding="async" fetchpriority="high" data-src="https://media.kasperskycontenthub.com/wp-content/uploads/sites/43/2019/05/08094429/fintech_abstract-800x450.jpg" data-srcset="" srcset="" /> </figure> <p class="c-article__headline u-hidden@md"> <a href="https://securelist.com/category/apt-reports/" class="c-tag c-tag--primary">APT reports</a> </p> <h1 class="c-article__title">FIN7.5: the infamous cybercrime rig “FIN7” continues its activities</h1> <div class="c-article__info"> <p class="c-article__headline u-hidden u-block@md"> <a href="https://securelist.com/category/apt-reports/" class="c-tag c-tag--primary">APT reports</a> </p> <p class="u-uppercase"><time datetime="2019-05-08T10:00:04+00:00">08 May 2019</time></p> <p class="c-article__reading u-ml-auto@md"> <svg class="o-icon o-svg-icon"><use xmlns:xlink="http://www.w3.org/1999/xlink" xlink:href="https://securelist.com/wp-content/themes/securelist2020/assets/sprite/icons.svg#icon-hourglass"></use></svg> <span class="js-reading-time"></span> minute read </p> </div> </header> <div class="c-article__wrapper"> <div class="c-article__main"> <div class="o-row c-article__container"> <div class="o-col c-article__content js-article-body"> <div class="js-reading-wrapper"> <figure class="c-article__figure u-hidden u-block@md"> <img width="1200" height="600" src="https://media.kasperskycontenthub.com/wp-content/uploads/sites/43/2019/05/08094429/fintech_abstract-1200x600.jpg" class="attachment-securelist-2020-thumbnail-large size-securelist-2020-thumbnail-large wp-post-image" alt="" decoding="async" data-src="https://media.kasperskycontenthub.com/wp-content/uploads/sites/43/2019/05/08094429/fintech_abstract-1200x600.jpg" data-srcset="" srcset="" /> </figure> <div class="c-article__authors u-hidden u-block@md"> <p class="c-block__title">Authors</p> <ul class="c-list-authors"> <li> <a href="https://securelist.com/author/yurynamestnikov/" > <img src="https://securelist.com/wp-content/themes/securelist2020/assets/images/avatar-default/avatar_default_1.png"> <span>Yury Namestnikov</span></a> </li> <li> <a href="https://securelist.com/author/felixaime/" > <img src="https://securelist.com/wp-content/themes/securelist2020/assets/images/avatar-default/avatar_default_2.png"> <span>Félix Aime</span></a> </li> </ul> </div> <div class="js-reading-content"> <div class="c-wysiwyg"> <p>On August 1, 2018, the US Department of Justice announced that it had arrested several individuals suspected of having ties to the FIN7 cybercrime rig. FIN7 operations are linked to numerous intrusion attempts having targeted hundreds of companies since at least as early as 2015. Interestingly, this threat actor created fake companies in order to hire remote pentesters, developers and interpreters to participate in their malicious business. The main goal behind its malicious activities was to steal financial assets from companies, such as debit cards, or get access to financial data or computers of finance department employees in order to conduct wire transfers to offshore accounts.</p> <p>In 2018-2019, researchers of Kaspersky Lab’s Global Research and Analysis Team analyzed various campaigns that used the same Tactics Tools and Procedures (TTPs) as the historic FIN7, leading the researchers to believe that this threat actor had remained active despite the 2018 arrests. In addition, during the investigation, we discovered certain similarities to other attacker groups that seemed to share or copy the FIN7 TTPs in their own operations.</p> <h2><strong>Recent FIN7 campaigns</strong></h2> <p>The FIN7 intrusion set continued its tailored spear phishing campaigns throughout last year. Kaspersky Lab has been able to retrieve some of these exchanges from a FIN7 target. The spear phishing campaigns were remarkably sophisticated from a social engineering perspective. In various cases, the operators exchanged numerous messages with their victims for weeks before sending their malicious documents. The emails were efficient social-engineering attempts that appealed to a vast number of human emotions (fear, stress, anger, etc.) to elicit a response from their victims. One of the domains used by the attackers in their 2018 campaign of spear phishing contained more than 130 email aliases, leading us to think that more than 130 companies had been targeted by the end of 2018.</p> <h3><strong>Malicious Documents</strong></h3> <p>We have seen two types of documents sent to victims in these spear phishing campaigns. The first one exploits the INCLUDEPICTURE feature of Microsoft Word to get context information about the victim’s computer, and the availability and version number of Microsoft Word. The second one, which in many cases is an Office document protected with a trivial password, such as “12345”, “1234”, etc., uses macros to execute a GRIFFON implant on the target’s computer. In various cases, the associated macro also scheduled tasks to make GRIFFON persistent.</p> <p>Interestingly, following some open-source publications about them, the FIN7 operators seems to have developed a homemade builder of malicious Office document using ideas from ThreadKit, which they employed during the summer of 2018. The new builder inserts random values in the Author and Company metadata fields. Moreover, the builder allows these to modify different IOCs, such as the filenames of wscript.exe or sctasks.exe copies, etc.</p> <table> <tbody> <tr> <td><strong>wscript.exe copy</strong></td> <td><strong>sctasks copy</strong></td> <td><strong>Task name</strong></td> <td><strong>C2</strong></td> </tr> <tr> <td><strong>byzNne10.exe</strong></td> <td>byzNne17.exe</td> <td>TaskbyzNne</td> <td>logitech-cdn.com</td> </tr> <tr> <td>c9FGG10.exe</td> <td>c9FGG17.exe</td> <td>Taskc9FGG</td> <td>logitech-cdn.com</td> </tr> <tr> <td><strong>zEsb10.exe</strong></td> <td>zEsb17.exe</td> <td>TaskzEsb</td> <td>servicebing-cdn.com</td> </tr> </tbody> </table> <p style="text-align:center;font-style:italic;font-weight:bold">IOCs extracted from docs which use sctasks for GRIFFON persistence</p> <table> <tbody> <tr> <td><strong>Author</strong></td> <td><strong>Company</strong></td> <td><strong>wscript.exe copy</strong></td> <td><strong>C2</strong></td> </tr> <tr> <td>mogjxjtvte</td> <td>mogjxjtvte</td> <td>mswmex44.exe</td> <td>logitech-cdn[.]com</td> </tr> <tr> <td>soxvremvge</td> <td>soxvremvge</td> <td>c9FGG10.exe</td> <td>logitech-cdn[.]com</td> </tr> <tr> <td>gareljtjhvd</td> <td>gareljtjhvd</td> <td>zEsb10.exe</td> <td>servicebing-cdn[.]com</td> </tr> </tbody> </table> <p style="text-align:center;font-style:italic;font-weight:bold">IOCs extracted from regular documents associated to GRIFFON</p> <h3><strong>GRIFFON Implant</strong></h3> <div style="width: 1010px" class="wp-caption aligncenter"><a target="_blank" href="https://media.kasperskycontenthub.com/wp-content/uploads/sites/43/2019/05/07144433/sas-fin-7-1.png" rel="noopener noreferrer" class="magnificImage"><img decoding="async" src="https://media.kasperskycontenthub.com/wp-content/uploads/sites/43/2019/05/07144433/sas-fin-7-1.png" style="max-height:60vh" alt="" class="aligncenter size-full wp-image-81520" /></a><p class="wp-caption-text"><em>Griffon Malware attack pattern</em></p></div> <p>The GRIFFON implant is a lightweight JScript validator-style implant without any persistence mechanism. The malware is designed for receiving modules to be executed in-memory and sending the results to C2s. We were able to obtain four different modules during the investigation.</p> <h4><strong>Reconnaissance module</strong></h4> <p>The first module downloaded by the GRIFFON malware to the victim’s computer is an information-gathering JScript, which allows the cybercriminals to understand the context of the infected workstation. This module mainly relies on WMI and Windows objects to deliver results, which will be sent back to the operators. Interestingly, more than 20 artifacts are retrieved from the system by this implant during the reconnaissance stage, from the date and time of operating system installation and membership in a Windows domain to a list of and the resolutions of the workstation’s monitors.</p> <h4><strong>Meterpreter downloader</strong></h4> <p>The second module is used by the operators to execute an obfuscated PowerShell script, which contains a Meterpreter downloader widely known as “<em>Tinymet</em>“. This downloader, seen in past FIN7 campaigns, downloads a one-byte XOR-encrypted (eg. with the key equal to 0x50 or 0x51) piece of meterpreter shellcode to execute.</p> <h4><strong>Screenshot module</strong></h4> <p>The third module allows the operators to take a screenshot of the remote system. To do that, it also drops a PowerShell script on the workstation to execute. The script executes an open-source .NET class used for taking a screenshot. The resulting screenshot is saved at “%TMP%/image.png”, sent back to the attackers by the GRIFFON implant and then deleted.</p> <h4><strong>Persistence module</strong></h4> <p>The last retrieved module is a persistence module. If the victim appears valuable to the attackers, a GRIFFON implant installer is pushed to the victim’s workstation. This module stores another instance of the GRIFFON implant inside the registry to achieve persistence. Here is a PowerLinks-style method used by the attackers to achieve persistence and execute the GRIFFON implant at each user logon. The new GRIFFON implant is written to the hard drive before each execution, limiting the “file-less” aspect of this method.</p> <p>Through its light weight and modular architecture, the GRIFFON implant is the perfect validator. Even though we have been able to retrieve four different modules, it is possible that the FIN7 operators have more modules in their toolsets for achieving their objectives on the victim’s workstation.</p> <h2><strong>On the hunt for GRIFFON infrastructure</strong></h2> <p>Attackers make mistakes, and FIN7 are no exception. The major error made by its operators allowed us to follow the command and control server of the GRIFFON implant last year. In order to trick blue teams and other DFIR analysts, the operators created fake HTTP 302 redirection to various Google services on their C2s servers.</p> <div id="crayon-67b3ea85b95b5813440594" class="crayon-syntax crayon-theme-classic crayon-font-monaco crayon-os-pc print-yes notranslate" data-settings=" minimize scroll-mouseover" style=" margin-top: 12px; margin-bottom: 12px; font-size: 12px !important; line-height: 15px !important;"> <div class="crayon-toolbar" data-settings=" mouseover overlay hide delay" style="font-size: 12px !important;height: 18px !important; line-height: 18px !important;"><span class="crayon-title"></span> <div class="crayon-tools" style="font-size: 12px !important;height: 18px !important; line-height: 18px !important;"><div class="crayon-button crayon-nums-button" title="Toggle Line Numbers"><div class="crayon-button-icon"></div></div><div class="crayon-button crayon-plain-button" title="Toggle Plain Code"><div class="crayon-button-icon"></div></div><div class="crayon-button crayon-wrap-button" title="Toggle Line Wrap"><div class="crayon-button-icon"></div></div><div class="crayon-button crayon-expand-button" title="Expand Code"><div class="crayon-button-icon"></div></div><div class="crayon-button crayon-copy-button" title="Copy"><div class="crayon-button-icon"></div></div><div class="crayon-button crayon-popup-button" title="Open Code In New Window"><div class="crayon-button-icon"></div></div></div></div> <div class="crayon-info" style="min-height: 16.8px !important; line-height: 16.8px !important;"></div> <div class="crayon-plain-wrap"><textarea wrap="soft" class="crayon-plain print-no" data-settings="dblclick" readonly style="-moz-tab-size:4; -o-tab-size:4; -webkit-tab-size:4; tab-size:4; font-size: 12px !important; line-height: 15px !important;"> HTTP/1.1 302 Found Server: nginx Date: [retracted] Content-Type: text/html; charset=UTF-8 Content-Length: 0 Connection: keep-alive Location: https://cloud.google.com/cdn/</textarea></div> <div class="crayon-main" style=""> <table class="crayon-table"> <tr class="crayon-row"> <td class="crayon-nums " data-settings="show"> <div class="crayon-nums-content" style="font-size: 12px !important; line-height: 15px !important;"><div class="crayon-num" data-line="crayon-67b3ea85b95b5813440594-1">1</div><div class="crayon-num crayon-striped-num" data-line="crayon-67b3ea85b95b5813440594-2">2</div><div class="crayon-num" data-line="crayon-67b3ea85b95b5813440594-3">3</div><div class="crayon-num crayon-striped-num" data-line="crayon-67b3ea85b95b5813440594-4">4</div><div class="crayon-num" data-line="crayon-67b3ea85b95b5813440594-5">5</div><div class="crayon-num crayon-striped-num" data-line="crayon-67b3ea85b95b5813440594-6">6</div><div class="crayon-num" data-line="crayon-67b3ea85b95b5813440594-7">7</div></div> </td> <td class="crayon-code"><div class="crayon-pre" style="font-size: 12px !important; line-height: 15px !important; -moz-tab-size:4; -o-tab-size:4; -webkit-tab-size:4; tab-size:4;"><div class="crayon-line" id="crayon-67b3ea85b95b5813440594-1"><span class="crayon-i">HTTP</span>/<span class="crayon-cn">1.1</span><span class="crayon-h"> </span><span class="crayon-cn">302</span><span class="crayon-h"> </span><span class="crayon-e">Found</span></div><div class="crayon-line crayon-striped-line" id="crayon-67b3ea85b95b5813440594-2"><span class="crayon-i">Server</span><span class="crayon-sy">:</span><span class="crayon-h"> </span><span class="crayon-e">nginx</span></div><div class="crayon-line" id="crayon-67b3ea85b95b5813440594-3"><span class="crayon-i">Date</span><span class="crayon-sy">:</span><span class="crayon-h"> </span><span class="crayon-sy">[</span><span class="crayon-i">retracted</span><span class="crayon-sy">]</span></div><div class="crayon-line crayon-striped-line" id="crayon-67b3ea85b95b5813440594-4"><span class="crayon-i">Content</span>-<span class="crayon-i">Type</span><span class="crayon-sy">:</span><span class="crayon-h"> </span><span class="crayon-i">text</span>/<span class="crayon-i">html</span><span class="crayon-sy">;</span><span class="crayon-h"> </span><span class="crayon-i">charset</span>=<span class="crayon-i">UTF</span>-<span class="crayon-cn">8</span></div><div class="crayon-line" id="crayon-67b3ea85b95b5813440594-5"><span class="crayon-i">Content</span>-<span class="crayon-i">Length</span><span class="crayon-sy">:</span><span class="crayon-h"> </span><span class="crayon-cn">0</span></div><div class="crayon-line crayon-striped-line" id="crayon-67b3ea85b95b5813440594-6"><span class="crayon-i">Connection</span><span class="crayon-sy">:</span><span class="crayon-h"> </span><span class="crayon-i">keep</span>-<span class="crayon-e">alive</span></div><div class="crayon-line" id="crayon-67b3ea85b95b5813440594-7"><span class="crayon-i">Location</span><span class="crayon-sy">:</span><span class="crayon-h"> </span><span class="crayon-i">https</span><span class="crayon-sy">:</span><span class="crayon-c">//cloud.google.com/cdn/</span></div></div></td> </tr> </table> </div> </div> <p style="text-align:center;font-style:italic;font-weight:bold"><strong>Returned headers for most of the GRIFFON C2s servers on port 443</strong></p> <p>This error allowed us to follow the infrastructure week by week, until an individual pushed on Twitter the heuristic to track their C2 at the end of December 2018. A few days after the tweet, in January 2019, the operators changed their landing page in order to prevent this type of tracking against their infrastructure.</p> <h3><strong>Fake pentest company</strong></h3> <p>During the investigation related to the GRIFFON infrastructure, we found a strange overlap between the WHOIS record of an old GRIFFON C2 and the website of a fake company.</p> <p>According to the website, that domain supposedly belongs to a legitimate security company “fully owned by the Russian Government” (sic.) and having offices in “Moscow, Saint Petersburg and Yekaterinburg”, but the address says the company is located in Trump Tower, in New York. Given FIN7’s previous use of false security companies, we decided to look deeper into this one.</p> <p>As we were looking at the content of the website, it became evident that almost all of the text used was lifted from legitimate security-company websites. Phrases and sentences were borrowed from at least the following companies/sites:</p> <ul> <li>DKSec – www.dksec.com</li> <li>OKIOK – www.okiok.com/services/tailored-solutions</li> <li>MainNerve – www.mainnerve.com</li> <li>Datics – www.datatics.com/cyber-security</li> <li>Perspective Risk – www.perspectiverisk.com</li> <li>Synack – https://www.synack.com/company</li> <li>FireEye – https://www.fireeye.com/services/penetration-testing.html</li> </ul> <p>This company seems to have been used by the FIN7 threat actor to hire new people as translators, developers and pentesters. During our research, we found various job advertisements associated with the company on freelance and remote-work websites.</p> <p>In addition to that, various individuals have mentioned the company in their resumes. We believe that some of these individuals may not even be aware that they are working for a cybercrime business.</p> <h2><strong>Links to other intrusion sets</strong></h2> <p>While tracking numerous threat actors on a daily basis during the final days of 2018 and at the beginning of 2019, we discovered various activity clusters sharing certain TTPs associated with the FIN7 intrusion set. The link between these threat actors and FIN7 is still weak, but we decided to disclose a few hints regarding these in this blog post.</p> <h3><strong>CobaltGoblin/EmpireMonkey</strong></h3> <p>In his history, FIN7 has overlapped several times with Cobalt/EmpireMonkey in terms of TTPs. This activity cluster, which Kaspersky Lab has followed for a few years, uses various implants for targeting mainly banks, and developers of banking and money processing software solutions. At the end of 2018, the cluster started to use not only CobaltStrike but also Powershell Empire in order to gain a foothold on the victims’ networks. After a successful penetration, it uses its own backdoors and the CobaltStrike framework or Powershell Empire components to hop to interesting parts of the network, where it can monetize its access.</p> <p>FIN7’s last campaigns were targeting banks in Europe and Central America. This threat actor stole <a target="_blank" href="https://www.timesofmalta.com/articles/view/20190225/local/how-bov-hackers-got-away-with-13-million.702800" rel="noopener noreferrer">suspected of stealing</a> €13 million from Bank of Valetta, Malta earlier this year.</p> <div style="width: 1010px" class="wp-caption aligncenter"><a target="_blank" href="https://media.kasperskycontenthub.com/wp-content/uploads/sites/43/2019/05/07150038/sas-fin-7-2.png" rel="noopener noreferrer" class="magnificImage"><img decoding="async" src="https://media.kasperskycontenthub.com/wp-content/uploads/sites/43/2019/05/07150038/sas-fin-7-2.png" style="max-height:60vh" alt="" class="aligncenter size-full wp-image-81520" /></a><p class="wp-caption-text">Example of malicious documents used in the end of 2018 to beginning of 2019</p></div> <p>A few interesting overlaps in recent FIN7 campaigns:</p> <ul> <li>Both used macros to copy wscript.exe to another file, which began with “ms” (mses.exe – FIN7, msutil.exe – EmpireMonkey).</li> </ul> <ul> <li>Both executed a JScript file named “error” in %TEMP% (Errors.txt in the case of FIN7, Errors.bat for EmpireMonkey).</li> <li>Both used DocuSign decoy documents with different macros. The macros popped the same “Document decryption error” error message—even if macro code remain totally different.</li> </ul> <p>We have a high level of confidence in a historic association between FIN7 and Cobalt, even though we believe that these two clusters of activity are operated by different teams.</p> <h3><strong>AveMaria</strong></h3> <p>AveMaria is a new botnet, whose first version we found in September 2018, right after the arrests of the FIN7 members. We have medium confidence that this botnet falls under the FIN7 umbrella. In fact, AveMaria is a classic infostealer bot that collects all possible credentials from various types of software: browsers, email clients, messengers, etc., and can act as a keylogger. Since the beginning of 2019, we have collected more than 1300 samples and extracted more than 130 C2s.</p> <p>To deliver their malware, the cyber criminals use spearphishing emails with various types of attachments: MS Office documents or spreadsheet files exploiting some known vulnerability like CVE-2017-11882, or documents with Ole2Link and SCT. They also use AutoIT droppers, password-protected EXE files and even ISO images. What is interesting, in some emails, they ask targets to phone them if they have any questions, like the FIN7 guys do.</p> <div style="width: 1010px" class="wp-caption aligncenter"><a target="_blank" href="https://media.kasperskycontenthub.com/wp-content/uploads/sites/43/2019/05/07144536/sas-fin-7-4.png" rel="noopener noreferrer" class="magnificImage"><img decoding="async" src="https://media.kasperskycontenthub.com/wp-content/uploads/sites/43/2019/05/07144536/sas-fin-7-4.png" style="max-height:60vh" alt="" class="aligncenter size-full wp-image-81520" /></a><p class="wp-caption-text">Example of AveMaria spearphing emails. Criminals suggest calling them.</p></div> <p>During the investigation into FIN7, our threat-hunting systems found an interesting overlap in between the infrastructure of FIN7 and AveMaria. Basically, two servers in the same IP range and AS14576 (autonomous system) share a non-standard SSH port, which is 222. One of the servers is a Griffon C2, and the other one, an AveMaria C2.</p> <p><a target="_blank" href="https://media.kasperskycontenthub.com/wp-content/uploads/sites/43/2019/05/07144550/sas-fin-7-5.png" rel="noopener noreferrer" class="magnificImage"><img decoding="async" src="https://media.kasperskycontenthub.com/wp-content/uploads/sites/43/2019/05/07144550/sas-fin-7-5.png" style="max-height:60vh" alt="" class="aligncenter size-full wp-image-81520" /></a> </p> <p>Distribution of targets is another factor suggesting that these two malware families may be connected. We analyzed AveMaria targets during February and March of 2019. The spearphishing emails were sent to various kinds of businesses only and did not target individuals. Thirty percent of the targets were small and medium-sized companies that were suppliers or service providers for bigger players and 21% were various types of manufacturing companies. We also spotted several typical FIN7 targets, such as retailers and hotels. Most AveMaria targets (72%) were in the EU.</p> <p><a target="_blank" href="https://media.kasperskycontenthub.com/wp-content/uploads/sites/43/2019/05/07144612/sas-fin-7-6.png" rel="noopener noreferrer" class="magnificImage"><img decoding="async" src="https://media.kasperskycontenthub.com/wp-content/uploads/sites/43/2019/05/07144612/sas-fin-7-6.png" style="max-height:60vh" alt="" class="aligncenter size-full wp-image-81520" /></a> </p> <h3><strong>CopyPaste</strong></h3> <p>At the end of 2018, while searching for new FIN7 campaigns via telemetry, we discovered a set of activity that we temporarily called “CopyPaste” from a previously unknown APT. Interestingly, this actor targeted financial entities and companies in one African country, which lead us to think that CopyPaste was associated with cybermercenaries or a training center.</p> <p>This set of activity relied on open-source tools, such as Powershell Empire, and well-documented red teaming techniques, in order to get a foothold within the victim’s networks and avoid detection.</p> <p>Here are the main similarities between CopyPaste and FIN7:</p> <ul> <li>Both used the same Microsoft PowerShell argument obfuscation order: “powershell.exe -NoP -NonI -ExecutionPolicy Bypass”. We have only seen FIN7 and CopyPaste use this argument list for executing their malicious Powershell Scripts.</li> <li>Both used decoy 302 HTTP redirections and typosquatting on their C2s (reminiscent of Cobalt and FIN7). The Empire C2s associated with CopyPaste had decoy redirections to Digitcert and Microsoft websites and used decoy job employment and tax websites with decoy redirections to host their payloads. FIN7 and Cobalt used decoy 302 HTTP redirections too, FIN7 on its GRIFFON C2s before January 2018, and Cobalt, on its staging servers, similar to CopyPaste.</li> <li>Quite recently, FIN7 threat actors typosquatted the brand “Digicert” using the domain name digicert-cdn[.]com, which is used as a command and control server for their GRIFFON implants. CopyPaste, in turn, also typosquatted this brand with their domains digicertweb[.]com and digi-cert[.]org, both used as a Powershell Empire C2 with decoy HTTP 302 redirects to the legitimate Digicert website.</li> </ul> <p>The links between CopyPaste and FIN7 are still very weak. It is possible that the CopyPaste operators were influenced by open-source publications and do not have any ties with FIN7.</p> <h2><strong>Conclusions</strong></h2> <p>During 2018, Europol and DoJ announced the arrest of the leader of the FIN7 and Carbanak/CobaltGoblin cybercrime groups. It was believed that the arrest of the group leader will have an impact on the group’s operations. However, recent data seems to indicate that the attacks have continued without significant drawbacks. One may say CobaltGoblin and FIN7 have even extended the number of groups operating under their umbrella. We observe, with various level of confidence, that there are several interconnected groups using very similar toolkits and the same infrastructure to conduct their cyberattacks.</p> <p>The first of them is the well-known FIN7, which specializes in attacking various companies to get access to financial data or PoS infrastructure. They rely on a Griffon JS backdoor and Cobalt/Meterpreter, and in recent attacks, Powershell Empire. The second one is CobaltGoblin/Carbanak/EmpireMonkey, which uses the same toolkit, techniques and similar infrastructure but targets only financial institutions and associated software/services providers.</p> <p>We link the AveMaria botnet to these two groups with medium confidence: AveMaria’s targets are mostly suppliers for big companies, and the way AveMaria manages its infrastructure is very similar to FIN7. The last piece is the newly discovered CopyPaste group, who targeted financial entities and companies in one African country, which lead us to think that CopyPaste was associated with cybermercenaries or a training center. The links between CopyPaste and FIN7 are still very weak. It is possible that the operators of this cluster of activity were influenced by open-source publications and do not have any ties with FIN7.</p> <p>All of the aforementioned groups greatly benefit from unpatched systems in corporate environments. They thus continue to use effective spearphishing campaigns in conjunction with well-known MS Office exploits generated by the framework. So far, the groups have not used any zero-days.</p> <p>FIN7/Cobalt phishing documents may seem basic, but when combined with their extensive social engineering and focused targeting, they are quite successful. As with their previous fake company “Combi Security”, we are confident that they continue to create new personas for use in either targeting or recruiting under a “new” brand, “IPC”.</p> <p>More information about these and related attacks is available to customers of Kaspersky Intelligence Reports. Contact: intelreports@kaspersky.com</p> <h2><strong>Indicators of compromise</strong></h2> <h4><strong>AveMaria</strong></h4> <ul> <li>185.61.138.249</li> <li>tain.warzonedns[.]com</li> <li>noreply377.ddns[.]net</li> <li>185.162.131.97</li> <li>91.192.100.62</li> <li>server.mtcc[.]me</li> <li>doddyfire.dyndns[.]org</li> <li>212.8.240.116</li> <li>168.167.45.162</li> <li>toekie.ddns[.]net</li> <li>warmaha.warzonedns[.]com</li> </ul> <h4><strong>CopyPaste</strong></h4> <ul> <li>digi-cert[.]org</li> <li>somtelnetworks[.]com</li> <li>geotrusts[.]com</li> <li>secureclientupdate[.]com</li> <li>digicertweb[.]com</li> <li>sport-pesa[.]org</li> <li>itaxkenya[.]com</li> <li>businessdailyafrica[.]net</li> <li>infotrak-research[.]com</li> <li>nairobiwired[.]com</li> <li>k-24tv[.]com</li> </ul> <h4><strong>FIN7/GRIFFON</strong></h4> <ul> <li>hpservice-cdn[.]com</li> <li>realtek-cdn[.]com</li> <li>logitech-cdn[.]com</li> <li>pci-cdn[.]com</li> <li>appleservice-cdn[.]com</li> <li>servicebing-cdn[.]com</li> <li>cisco-cdn[.]com</li> <li>facebook77-cdn[.]com</li> <li>yahooservices-cdn[.]com</li> <li>globaltech-cdn[.]com</li> <li>infosys-cdn[.]com</li> <li>google-services-s5[.]com</li> <li>instagram-cdn[.]com</li> <li>mse-cdn[.]com</li> <li>akamaiservice-cdn[.]com</li> <li>booking-cdn[.]com</li> <li>live-cdn2[.]com</li> <li>cloudflare-cdn-r5[.]com</li> <li>cdnj-cloudflare[.]com</li> <li>bing-cdn[.]com</li> <li>servicebing-cdn[.]com</li> <li>cdn-yahooapi[.]com</li> <li>cdn-googleapi[.]com</li> <li>googl-analytic[.]com</li> <li>mse-cdn[.]com</li> <li>tw32-cdn[.]com</li> <li>gmail-cdn3[.]com</li> <li>digicert-cdn[.]com</li> <li>vmware-cdn[.]com</li> <li>exchange-cdn[.]com</li> <li>cdn-skype[.]com</li> <li>windowsupdatemicrosoft[.]com</li> <li>msdn-cdn[.]com</li> <li>testing-cdn[.]com</li> <li>msdn-update[.]com</li> </ul> <h4><strong>EmpireMonkey/CobaltGoblin</strong></h4> <p><em>In order to preserve the privacy of the potential victims, we stripped the targeted entities from the domain names.</em></p> <ul> <li>(entity)-corporate[.]com</li> <li>(entity)-cert[.]com</li> <li>(entity)-no[.]org</li> <li>(entity)-fr[.]org</li> <li>(entity)-acquisition[.]org</li> <li>(entity)-trust[.]org</li> <li>riscomponents[.]pw</li> <li>nlscdn[.]com</li> </ul> </div> </div> </div> <div class="c-article__footer"> <div class="c-article__categories"> <ul class="c-list-tags"> <li><a href="https://securelist.com/tag/apt/" class="c-link-tag"><span>APT</span></a></li> <li><a href="https://securelist.com/tag/financial-malware/" class="c-link-tag"><span>Financial malware</span></a></li> <li><a href="https://securelist.com/tag/malware-descriptions/" class="c-link-tag"><span>Malware Descriptions</span></a></li> <li><a href="https://securelist.com/tag/powershell/" class="c-link-tag"><span>PowerShell</span></a></li> <li><a href="https://securelist.com/tag/social-engineering/" class="c-link-tag"><span>Social engineering</span></a></li> <li><a href="https://securelist.com/tag/spear-phishing/" class="c-link-tag"><span>Spear phishing</span></a></li> </ul> </div> <div class="c-article__authors u-hidden@md"> <p class="c-title--extra-small">Authors</p> <ul class="c-list-authors"> <li> <a href="https://securelist.com/author/yurynamestnikov/" > <img src="https://securelist.com/wp-content/themes/securelist2020/assets/images/avatar-default/avatar_default_3.png"> <span>Yury Namestnikov</span></a> </li> <li> <a href="https://securelist.com/author/felixaime/" > <img src="https://securelist.com/wp-content/themes/securelist2020/assets/images/avatar-default/avatar_default_2.png"> <span>Félix Aime</span></a> </li> </ul> </div> </div> <div id="comments" class="entry-comments c-article__comments js-comments-wrapper"> <p class="c-title--extra-small">FIN7.5: the infamous cybercrime rig “FIN7” continues its activities</p> <div id="respond" class="comment-respond"> <h3 id="reply-title" class="u-hidden"> <small></small></h3><form action="https://securelist.com/wp-comments-post.php" method="post" id="loginform" class="comment-form"><p class="comment-notes"><span id="email-notes">Your email address will not be published.</span> <span class="required-field-message">Required fields are marked <span class="required">*</span></span></p><div class="comment-form-comment"><textarea id="comment" name="comment" style="width:100%" rows="8" aria-required="true" placeholder="Type your comment here"></textarea></div><!-- .comment-form-comment --><p class="comment-form-author"><label for="author">Name <span class="required">*</span></label> <input id="author" name="author" type="text" value="" size="30" maxlength="245" autocomplete="name" required="required" /></p> <p class="comment-form-email"><label for="email">Email <span class="required">*</span></label> <input id="email" name="email" type="text" value="" size="30" maxlength="100" aria-describedby="email-notes" autocomplete="email" required="required" /></p> <script type="text/javascript"> document.addEventListener("input", function (event) { if (!event.target.closest("#comment")) return; try{ grecaptcha.render("recaptcha-submit-btn-area", { "sitekey" : "6LfQdrAaAAAAAEb_rTrwlbyc8z0Fa9CMjELY_2Ts", "theme" : "standard" }); }catch(error){/*possible duplicated instances*/} }); </script> <script src="https://www.google.com/recaptcha/api.js?hl=en&render=explicit" async defer></script> <div id="recaptcha-submit-btn-area"> </div> <noscript> <style type="text/css">#form-submit-save {display:none;}</style> <input name="submit" type="submit" id="submit-alt" tabindex="6" value="Submit Comment"/> </noscript> <p class="form-submit"><input name="submit" type="submit" id="commentsubmit" class="submit" value="Comment" /><a rel="nofollow" id="cancel-comment-reply-link" href="/fin7-5-the-infamous-cybercrime-rig-fin7-continues-its-activities/90703/#respond" style="display:none;">Cancel</a> <input type='hidden' name='comment_post_ID' value='90703' id='comment_post_ID' /> <input type='hidden' name='comment_parent' id='comment_parent' value='0' /> </p><p style="display: none;"><input type="hidden" id="akismet_comment_nonce" name="akismet_comment_nonce" value="cdd48bec1f" /></p><p style="display: none !important;" class="akismet-fields-container" data-prefix="ak_"><label>Δ<textarea name="ak_hp_textarea" cols="45" rows="8" maxlength="100"></textarea></label><input type="hidden" id="ak_js_1" name="ak_js" value="114"/><script>document.getElementById( "ak_js_1" ).setAttribute( "value", ( new Date() ).getTime() );</script></p></form> </div><!-- #respond --> </div><!-- .entry-comments --> </div> <div class="o-col c-article__sidebar c-widgets--distributed u-hidden u-flex@md"> <div class="c-widget__wrapper"> <div class="js-sticky-widget"> <p><span class="c-tag c-tag--primary">KSB webinars</span></p> <div class="o-row o-row--small-gutters"> <div class="o-col-12 c-card__dividers c-card__dividers--hide-first@xs c-card__dividers--show-last@xs"> <article class="c-card c-card--hor-reverse@xs u-items-center"> <div class="c-card__body"> <header class="c-card__header"> <time datetime="2021-02-02T12:00:00+00:00" class="c-card__event-date"> 02 Feb 2021, 12:00pm </time> <h3 class="c-card__title c-card__title--has-icon"><a href="https://securelist.com/webinars/2021-predictions-episode-1-financial-cyberthreats/" class="c-card__title-icon"><svg class="o-icon o-svg-icon o-svg-larger"><use xmlns:xlink="http://www.w3.org/1999/xlink" xlink:href="https://securelist.com/wp-content/themes/securelist2020/assets/sprite/icons.svg#icon-webinar"></use></svg></a><a href="https://securelist.com/webinars/2021-predictions-episode-1-financial-cyberthreats/" class="c-card__link">2021 predictions, episode 1: financial cyberthreats</a></h3> </header> <footer class="c-card__footer"> <div class="c-card__authors"> <ul class="c-list-authors c-list-authors--comma"> <li> <a href="https://securelist.com/author/anchisesmoraes/" > <span>Anchises Moraes</span></a> </li> <li> <a href="https://securelist.com/author/olafschwarz/" > <span>Olaf Schwarz</span></a> </li> </ul> </div> </footer> </div> </article> <article class="c-card c-card--hor-reverse@xs u-items-center"> <div class="c-card__body"> <header class="c-card__header"> <time datetime="2021-02-04T12:00:00+00:00" class="c-card__event-date"> 04 Feb 2021, 12:00pm </time> <h3 class="c-card__title c-card__title--has-icon"><a href="https://securelist.com/webinars/2021-predictions-episode-2-healthcare-cyberthreats/" class="c-card__title-icon"><svg class="o-icon o-svg-icon o-svg-larger"><use xmlns:xlink="http://www.w3.org/1999/xlink" xlink:href="https://securelist.com/wp-content/themes/securelist2020/assets/sprite/icons.svg#icon-webinar"></use></svg></a><a href="https://securelist.com/webinars/2021-predictions-episode-2-healthcare-cyberthreats/" class="c-card__link">2021 predictions, episode 2: healthcare cyberthreats</a></h3> </header> <footer class="c-card__footer"> <div class="c-card__authors"> <ul class="c-list-authors c-list-authors--comma"> <li> <a href="https://securelist.com/author/marianamestnikova/" > <span>Maria Namestnikova</span></a> </li> </ul> </div> </footer> </div> </article> <article class="c-card c-card--hor-reverse@xs u-items-center"> <div class="c-card__body"> <header class="c-card__header"> <time datetime="2021-02-11T12:00:00+00:00" class="c-card__event-date"> 11 Feb 2021, 12:00pm </time> <h3 class="c-card__title c-card__title--has-icon"><a href="https://securelist.com/webinars/2021-predictions-episode-3-ics-cyberthreats/" class="c-card__title-icon"><svg class="o-icon o-svg-icon o-svg-larger"><use xmlns:xlink="http://www.w3.org/1999/xlink" xlink:href="https://securelist.com/wp-content/themes/securelist2020/assets/sprite/icons.svg#icon-webinar"></use></svg></a><a href="https://securelist.com/webinars/2021-predictions-episode-3-ics-cyberthreats/" class="c-card__link">2021 predictions, episode 3: ICS cyberthreats</a></h3> </header> <footer class="c-card__footer"> <div class="c-card__authors"> <ul class="c-list-authors c-list-authors--comma"> <li> <a href="https://securelist.com/author/evgenygoncharov/" > <span>Evgeny Goncharov</span></a> </li> </ul> </div> </footer> </div> </article> <article class="c-card c-card--hor-reverse@xs u-items-center"> <div class="c-card__body"> <header class="c-card__header"> <time datetime="2021-01-26T12:00:00+00:00" class="c-card__event-date"> 26 Jan 2021, 12:00pm </time> <h3 class="c-card__title c-card__title--has-icon"><a href="https://securelist.com/webinars/kasperskys-advanced-targeted-threat-predictions-for-2021/" class="c-card__title-icon"><svg class="o-icon o-svg-icon o-svg-larger"><use xmlns:xlink="http://www.w3.org/1999/xlink" xlink:href="https://securelist.com/wp-content/themes/securelist2020/assets/sprite/icons.svg#icon-webinar"></use></svg></a><a href="https://securelist.com/webinars/kasperskys-advanced-targeted-threat-predictions-for-2021/" class="c-card__link">Kaspersky’s Advanced Targeted Threat Predictions For 2021</a></h3> </header> <footer class="c-card__footer"> <div class="c-card__authors"> <ul class="c-list-authors c-list-authors--comma"> <li> <a href="https://securelist.com/author/arieljungheit/" > <span>Ariel Jungheit</span></a> </li> <li> <a href="https://securelist.com/author/costin/" > <span>Costin Raiu</span></a> </li> <li> <a href="https://securelist.com/author/davidemm/" > <span>David Emm</span></a> </li> </ul> </div> </footer> </div> </article> <article class="c-card c-card--hor-reverse@xs u-items-center"> <div class="c-card__body"> <header class="c-card__header"> <time datetime="2021-01-25T12:00:00+00:00" class="c-card__event-date"> 25 Jan 2021, 12:00pm </time> <h3 class="c-card__title c-card__title--has-icon"><a href="https://securelist.com/webinars/remote-working-in-2020-lessons-learnt/" class="c-card__title-icon"><svg class="o-icon o-svg-icon o-svg-larger"><use xmlns:xlink="http://www.w3.org/1999/xlink" xlink:href="https://securelist.com/wp-content/themes/securelist2020/assets/sprite/icons.svg#icon-webinar"></use></svg></a><a href="https://securelist.com/webinars/remote-working-in-2020-lessons-learnt/" class="c-card__link">Remote working in 2020: lessons learnt</a></h3> </header> <footer class="c-card__footer"> <div class="c-card__authors"> <ul class="c-list-authors c-list-authors--comma"> <li> <a href="https://securelist.com/author/dmitrygalov/" > <span>Dmitry Galov</span></a> </li> </ul> </div> </footer> </div> </article> </div> </div> </div> </div> <div class="c-widget__wrapper"> <div class="js-sticky-widget"> <p><span class="c-tag c-tag--primary">From the same authors</span></p> <div class="o-row o-row--small-gutters"> <div class="o-col-12 c-card__dividers c-card__dividers--hide-first@xs c-card__dividers--show-last@xs"> <article class="c-card c-card--hor-reverse@xs u-items-center"> <a href="https://securelist.com/healthcare-predictions-2020/95385/" class="c-card__figure" style=""> <img width="800" height="450" src="https://media.kasperskycontenthub.com/wp-content/uploads/sites/43/2019/11/20125702/ksb2019_featured-800x450.jpg" class="attachment-securelist-2020-thumbnail size-securelist-2020-thumbnail wp-post-image" alt="" decoding="async" data-src="https://media.kasperskycontenthub.com/wp-content/uploads/sites/43/2019/11/20125702/ksb2019_featured-800x450.jpg" data-srcset="" srcset="" /> </a> <div class="c-card__body"> <header class="c-card__header"> <h3 class="c-card__title"><a href="https://securelist.com/healthcare-predictions-2020/95385/" class="c-card__link">Cybersecurity of connected healthcare 2020: Overview and predictions</a></h3> </header> </div> </article> </div> <div class="o-col-12 c-card__dividers c-card__dividers--hide-first@xs c-card__dividers--show-last@xs"> <article class="c-card c-card--hor-reverse@xs u-items-center"> <a href="https://securelist.com/financial-predictions-2020/95388/" class="c-card__figure" style=""> <img width="800" height="450" src="https://media.kasperskycontenthub.com/wp-content/uploads/sites/43/2019/11/20125702/ksb2019_featured-800x450.jpg" class="attachment-securelist-2020-thumbnail size-securelist-2020-thumbnail wp-post-image" alt="" decoding="async" loading="lazy" data-src="https://media.kasperskycontenthub.com/wp-content/uploads/sites/43/2019/11/20125702/ksb2019_featured-800x450.jpg" data-srcset="" srcset="" /> </a> <div class="c-card__body"> <header class="c-card__header"> <h3 class="c-card__title"><a href="https://securelist.com/financial-predictions-2020/95388/" class="c-card__link">Cyberthreats to financial institutions 2020: Overview and predictions</a></h3> </header> </div> </article> </div> <div class="o-col-12 c-card__dividers c-card__dividers--hide-first@xs c-card__dividers--show-last@xs"> <article class="c-card c-card--hor-reverse@xs u-items-center"> <a href="https://securelist.com/ksb-cyberthreats-to-financial-institutions-2019-overview-and-predictions/88944/" class="c-card__figure" style=""> <img width="800" height="450" src="https://media.kasperskycontenthub.com/wp-content/uploads/sites/43/2018/11/20075334/ksb_2018_intro-800x450.png" class="attachment-securelist-2020-thumbnail size-securelist-2020-thumbnail wp-post-image" alt="" decoding="async" loading="lazy" data-src="https://media.kasperskycontenthub.com/wp-content/uploads/sites/43/2018/11/20075334/ksb_2018_intro-800x450.png" data-srcset="" srcset="" /> </a> <div class="c-card__body"> <header class="c-card__header"> <h3 class="c-card__title"><a href="https://securelist.com/ksb-cyberthreats-to-financial-institutions-2019-overview-and-predictions/88944/" class="c-card__link">Cyberthreats to financial institutions 2019: overview and predictions</a></h3> </header> </div> </article> </div> <div class="o-col-12 c-card__dividers c-card__dividers--hide-first@xs c-card__dividers--show-last@xs"> <article class="c-card c-card--hor-reverse@xs u-items-center"> <a href="https://securelist.com/cybercriminals-vs-financial-institutions/83370/" class="c-card__figure" style=""> <img width="796" height="450" src="https://media.kasperskycontenthub.com/wp-content/uploads/sites/43/2017/11/07165024/KSB2018-796x450.png" class="attachment-securelist-2020-thumbnail size-securelist-2020-thumbnail wp-post-image" alt="" decoding="async" loading="lazy" data-src="https://media.kasperskycontenthub.com/wp-content/uploads/sites/43/2017/11/07165024/KSB2018-796x450.png" data-srcset="" srcset="" /> </a> <div class="c-card__body"> <header class="c-card__header"> <h3 class="c-card__title"><a href="https://securelist.com/cybercriminals-vs-financial-institutions/83370/" class="c-card__link">Cybercriminals vs financial institutions in 2018: what to expect</a></h3> </header> </div> </article> </div> <div class="o-col-12 c-card__dividers c-card__dividers--hide-first@xs c-card__dividers--show-last@xs"> <article class="c-card c-card--hor-reverse@xs u-items-center"> <a href="https://securelist.com/kaspersky-security-bulletin-2015-evolution-of-cyber-threats-in-the-corporate-sector/72969/" class="c-card__figure" style=""> <img width="500" height="330" src="https://media.kasperskycontenthub.com/wp-content/uploads/sites/43/2015/11/07200956/eye_2015.jpeg" class="attachment-securelist-2020-thumbnail size-securelist-2020-thumbnail wp-post-image" alt="" decoding="async" loading="lazy" srcset="" sizes="auto, (max-width: 500px) 100vw, 500px" data-src="https://media.kasperskycontenthub.com/wp-content/uploads/sites/43/2015/11/07200956/eye_2015.jpeg" data-srcset="https://media.kasperskycontenthub.com/wp-content/uploads/sites/43/2015/11/07200956/eye_2015.jpeg 500w, https://media.kasperskycontenthub.com/wp-content/uploads/sites/43/2015/11/07200956/eye_2015-300x198.jpeg 300w" /> </a> <div class="c-card__body"> <header class="c-card__header"> <h3 class="c-card__title"><a href="https://securelist.com/kaspersky-security-bulletin-2015-evolution-of-cyber-threats-in-the-corporate-sector/72969/" class="c-card__link">Kaspersky Security Bulletin 2015. Evolution of cyber threats in the corporate sector</a></h3> </header> </div> </article> </div> </div> </div> </div> <div class="c-widget__wrapper"> <div class="c-widget-subscribe js-sticky-widget"> <div class="c-block__header"> <h5 class="c-title--small">Subscribe to our weekly e-mails</h5> <p>The hottest research right in your inbox</p> </div> <div class="c-form--float-labels js-float-labels"> <script type="text/javascript"></script> <div class='gf_browser_ie gf_browser_ie7 gform_wrapper gform_wrapper_original_id_11 gravity-theme subscribe-mc_wrapper' id='gform_wrapper_1313410169' ><div id='gf_1313410169' class='gform_anchor' tabindex='-1'></div><form method='post' enctype='multipart/form-data' target='gform_ajax_frame_1313410169' id='gform_1313410169' class='subscribe-mc' action='/fin7-5-the-infamous-cybercrime-rig-fin7-continues-its-activities/90703/#gf_1313410169' > <div class="gform-content-wrapper"><div class='gform_body gform-body'><div id='gform_fields_1313410169' class='gform_fields top_label form_sublabel_below description_below'><div id="field_11_1" class="gfield gfield_contains_required field_sublabel_below field_description_below gfield_visibility_visible" ><label class='gfield_label screen-reader-text' for='input_1313410169_1' >Email<span class="gfield_required"><span class="gfield_required gfield_required_text">(Required)</span></span></label><div class='ginput_container ginput_container_email'> <input name='input_1' id='input_1313410169_1' type='text' value='' class='medium' placeholder='Email' aria-required="true" aria-invalid="false" /> </div></div><div id="field_11_3" class="gfield js-kaspersky-gform-recaptcha-placeholder gform_hidden field_sublabel_below field_description_below gfield_visibility_hidden" ><div class='ginput_container ginput_container_text'><input name='input_3' id='input_1313410169_3' type='hidden' class='gform_hidden' aria-invalid="false" value='' /></div></div><fieldset id="field_11_2" class="gfield input-without-label label-gdpr gfield_contains_required field_sublabel_below field_description_below gfield_visibility_visible" ><legend class='gfield_label screen-reader-text gfield_label_before_complex' ><span class="gfield_required"><span class="gfield_required gfield_required_text">(Required)</span></span></legend><div class='ginput_container ginput_container_checkbox'><div class='gfield_checkbox' id='input_1313410169_2'><div class='gchoice gchoice_11_2_1'> <input class='gfield-choice-input' name='input_2.1' type='checkbox' value='I agree' id='choice_1313410169_11_2_1' /> <label for='choice_1313410169_11_2_1' id='label_1313410169_11_2_1'>I agree to provide my email address to “AO Kaspersky Lab” to receive information about new posts on the site. I understand that I can withdraw this consent at any time via e-mail by clicking the “unsubscribe” link that I find at the bottom of any e-mail sent to me for the purposes mentioned above.</label> </div></div></div></fieldset></div></div> <div class='gform_footer top_label'> <button type="submit" class="gform_button button" id='gform_submit_button_1313410169' value="Sign up"> <svg class="o-icon o-svg-icon o-svg-large"><use xmlns:xlink="http://www.w3.org/1999/xlink" xlink:href="https://securelist.com/wp-content/themes/securelist2020/assets/sprite/icons.svg#icon-envelope"></use></svg> <span>Subscribe</span> </button> <input type='hidden' name='gform_ajax' value='form_id=11&title=&description=&tabindex=0' /> <input type='hidden' class='gform_hidden' name='is_submit_11' value='1' /> <input type='hidden' class='gform_hidden' name='gform_submit' value='11' /> <input type='hidden' class='gform_hidden' name='gform_unique_id' value='' /> <input type='hidden' class='gform_hidden' name='state_11' value='WyJbXSIsImIwODQwZTA2ZGQ0NzYwODcyOTBkZjNmZDM1NDk2Y2ZkIl0=' /> <input type='hidden' class='gform_hidden' name='gform_target_page_number_11' id='gform_target_page_number_1313410169_11' value='0' /> <input type='hidden' class='gform_hidden' name='gform_source_page_number_11' id='gform_source_page_number_1313410169_11' value='1' /> <input type='hidden' name='gform_random_id' value='1313410169' /><input type='hidden' name='gform_field_values' value='securelist_2020_form_location=sidebar' /> </div> </div><p style="display: none !important;" class="akismet-fields-container" data-prefix="ak_"><label>Δ<textarea name="ak_hp_textarea" cols="45" rows="8" maxlength="100"></textarea></label><input type="hidden" id="ak_js_2" name="ak_js" value="38"/><script>document.getElementById( "ak_js_2" ).setAttribute( "value", ( new Date() ).getTime() );</script></p></form> </div> <iframe style='display:none;width:0px;height:0px;' src='about:blank' name='gform_ajax_frame_1313410169' id='gform_ajax_frame_1313410169' title='This iframe contains the logic required to handle Ajax powered Gravity Forms.'></iframe> <script type="text/javascript"> /* <![CDATA[ */ gform.initializeOnLoaded( function() {gformInitSpinner( 1313410169, 'https://securelist.com/wp-content/themes/securelist2020/assets/images/content/ajax-spinner-red.svg' );jQuery('#gform_ajax_frame_1313410169').on('load',function(){var contents = jQuery(this).contents().find('*').html();var is_postback = contents.indexOf('GF_AJAX_POSTBACK') >= 0;if(!is_postback){return;}var form_content = jQuery(this).contents().find('#gform_wrapper_1313410169');var is_confirmation = jQuery(this).contents().find('#gform_confirmation_wrapper_1313410169').length > 0;var is_redirect = contents.indexOf('gformRedirect(){') >= 0;var is_form = form_content.length > 0 && ! is_redirect && ! is_confirmation;var mt = parseInt(jQuery('html').css('margin-top'), 10) + parseInt(jQuery('body').css('margin-top'), 10) + 100;if(is_form){jQuery('#gform_wrapper_1313410169').html(form_content.html());if(form_content.hasClass('gform_validation_error')){jQuery('#gform_wrapper_1313410169').addClass('gform_validation_error');} else {jQuery('#gform_wrapper_1313410169').removeClass('gform_validation_error');}setTimeout( function() { /* delay the scroll by 50 milliseconds to fix a bug in chrome */ jQuery(document).scrollTop(jQuery('#gform_wrapper_1313410169').offset().top - mt); }, 50 );if(window['gformInitDatepicker']) {gformInitDatepicker();}if(window['gformInitPriceFields']) {gformInitPriceFields();}var current_page = jQuery('#gform_source_page_number_1313410169_11').val();gformInitSpinner( 1313410169, 'https://securelist.com/wp-content/themes/securelist2020/assets/images/content/ajax-spinner-red.svg' );jQuery(document).trigger('gform_page_loaded', [1313410169, current_page]);window['gf_submitting_1313410169'] = false;}else if(!is_redirect){var confirmation_content = jQuery(this).contents().find('.GF_AJAX_POSTBACK').html();if(!confirmation_content){confirmation_content = contents;}setTimeout(function(){jQuery('#gform_wrapper_1313410169').replaceWith(confirmation_content);jQuery(document).scrollTop(jQuery('#gf_1313410169').offset().top - mt);jQuery(document).trigger('gform_confirmation_loaded', [1313410169]);window['gf_submitting_1313410169'] = false;wp.a11y.speak(jQuery('#gform_confirmation_message_1313410169').text());}, 50);}else{jQuery('#gform_1313410169').append(contents);if(window['gformRedirect']) {gformRedirect();}}jQuery(document).trigger('gform_post_render', [1313410169, current_page]);} );} ); /* ]]> */ </script> </div> </div> </div> <div class="c-widget__wrapper"> <div class="js-sticky-widget"> <p><span class="c-tag c-tag--primary">In the same category</span></p> <div class="o-row o-row--small-gutters"> <div class="o-col-12 c-card__dividers c-card__dividers--hide-first@xs c-card__dividers--show-last@xs"> <article class="c-card c-card--hor-reverse@xs u-items-center"> <a href="https://securelist.com/eagerbee-backdoor/115175/" class="c-card__figure" style=""> <img width="800" height="450" src="https://media.kasperskycontenthub.com/wp-content/uploads/sites/43/2024/12/28082809/SL-EagerBee-backdoor-featured-800x450.jpg" class="attachment-securelist-2020-thumbnail size-securelist-2020-thumbnail wp-post-image" alt="" decoding="async" loading="lazy" data-src="https://media.kasperskycontenthub.com/wp-content/uploads/sites/43/2024/12/28082809/SL-EagerBee-backdoor-featured-800x450.jpg" data-srcset="" srcset="" /> </a> <div class="c-card__body"> <header class="c-card__header"> <h3 class="c-card__title"><a href="https://securelist.com/eagerbee-backdoor/115175/" class="c-card__link">EAGERBEE, with updated and novel components, targets the Middle East</a></h3> </header> </div> </article> </div> <div class="o-col-12 c-card__dividers c-card__dividers--hide-first@xs c-card__dividers--show-last@xs"> <article class="c-card c-card--hor-reverse@xs u-items-center"> <a href="https://securelist.com/bellacpp-cpp-version-of-bellaciao/115087/" class="c-card__figure" style=""> <img width="800" height="450" src="https://media.kasperskycontenthub.com/wp-content/uploads/sites/43/2024/12/19145053/SL-Bella-featured-1-800x450.jpg" class="attachment-securelist-2020-thumbnail size-securelist-2020-thumbnail wp-post-image" alt="" decoding="async" loading="lazy" data-src="https://media.kasperskycontenthub.com/wp-content/uploads/sites/43/2024/12/19145053/SL-Bella-featured-1-800x450.jpg" data-srcset="" srcset="" /> </a> <div class="c-card__body"> <header class="c-card__header"> <h3 class="c-card__title"><a href="https://securelist.com/bellacpp-cpp-version-of-bellaciao/115087/" class="c-card__link">BellaCPP: Discovering a new BellaCiao variant written in C++</a></h3> </header> </div> </article> </div> <div class="o-col-12 c-card__dividers c-card__dividers--hide-first@xs c-card__dividers--show-last@xs"> <article class="c-card c-card--hor-reverse@xs u-items-center"> <a href="https://securelist.com/lazarus-new-malware/115059/" class="c-card__figure" style=""> <img width="800" height="450" src="https://media.kasperskycontenthub.com/wp-content/uploads/sites/43/2024/12/18184101/SL-Lazarus-multi-malware-attack-featured-800x450.jpg" class="attachment-securelist-2020-thumbnail size-securelist-2020-thumbnail wp-post-image" alt="" decoding="async" loading="lazy" data-src="https://media.kasperskycontenthub.com/wp-content/uploads/sites/43/2024/12/18184101/SL-Lazarus-multi-malware-attack-featured-800x450.jpg" data-srcset="" srcset="" /> </a> <div class="c-card__body"> <header class="c-card__header"> <h3 class="c-card__title"><a href="https://securelist.com/lazarus-new-malware/115059/" class="c-card__link">Lazarus group evolves its infection chain with old and new malware</a></h3> </header> </div> </article> </div> <div class="o-col-12 c-card__dividers c-card__dividers--hide-first@xs c-card__dividers--show-last@xs"> <article class="c-card c-card--hor-reverse@xs u-items-center"> <a href="https://securelist.com/careto-is-back/114942/" class="c-card__figure" style=""> <img width="800" height="450" src="https://media.kasperskycontenthub.com/wp-content/uploads/sites/43/2024/12/12093659/SL-Careto-featured-800x450.jpg" class="attachment-securelist-2020-thumbnail size-securelist-2020-thumbnail wp-post-image" alt="" decoding="async" loading="lazy" data-src="https://media.kasperskycontenthub.com/wp-content/uploads/sites/43/2024/12/12093659/SL-Careto-featured-800x450.jpg" data-srcset="" srcset="" /> </a> <div class="c-card__body"> <header class="c-card__header"> <h3 class="c-card__title"><a href="https://securelist.com/careto-is-back/114942/" class="c-card__link">Careto is back: what’s new after 10 years of silence?</a></h3> </header> </div> </article> </div> <div class="o-col-12 c-card__dividers c-card__dividers--hide-first@xs c-card__dividers--show-last@xs"> <article class="c-card c-card--hor-reverse@xs u-items-center"> <a href="https://securelist.com/apt-report-q3-2024/114623/" class="c-card__figure" style=""> <img width="800" height="450" src="https://media.kasperskycontenthub.com/wp-content/uploads/sites/43/2024/11/27181956/SL-APT-report-Q3-2024-featured-2-800x450.jpg" class="attachment-securelist-2020-thumbnail size-securelist-2020-thumbnail wp-post-image" alt="" decoding="async" loading="lazy" data-src="https://media.kasperskycontenthub.com/wp-content/uploads/sites/43/2024/11/27181956/SL-APT-report-Q3-2024-featured-2-800x450.jpg" data-srcset="" srcset="" /> </a> <div class="c-card__body"> <header class="c-card__header"> <h3 class="c-card__title"><a href="https://securelist.com/apt-report-q3-2024/114623/" class="c-card__link">APT trends report Q3 2024</a></h3> </header> </div> </article> </div> </div> </div> </div> <li id="text-22" class="widget widget_text"> <div class="textwidget"><p><a href="https://www.kaspersky.com/next?icid=gl_KNext_acq_ona_smm__onl_b2b_securelist_ban_sm-team___knext___" target="_blank" rel="noopener"><img decoding="async" src="https://media.kasperskycontenthub.com/wp-content/uploads/sites/43/2024/04/10092503/NEXT_310x420_EN_1.jpg" width="370" /></a></p> </div> </li> </div> </div> </div> </div> <div class="c-article__progress rpi-progress-bar"> <div class="c-article__progress-bar__position rpi-progress-bar__position"></div> <div class="rpi-progress-bar__percentage"></div> </div> </article> </div> </section> <section class="c-block c-block--spacing-t-small c-block--spacing-b-small@md c-block--divider-internal"> <div class="o-container-fluid"> <h5 class="c-block__title">Latest Posts</h5> <div class="o-row o-row--small-gutters@sm c-card__row c-card__row--fixed-width-down@sm js-slider-posts-mobile"> <div class="o-col-6@sm o-col-3@md"> <article class="c-card c-card--standard@xs"> <a href="https://securelist.com/tria-stealer-collects-sms-data-from-android-devices/115295/" class="c-card__figure" style=""> <img width="800" height="450" src="https://media.kasperskycontenthub.com/wp-content/uploads/sites/43/2025/01/23083642/tria-stealer-featured-image-updated-1-800x450.jpg" class="attachment-securelist-2020-thumbnail size-securelist-2020-thumbnail wp-post-image" alt="" decoding="async" loading="lazy" data-src="https://media.kasperskycontenthub.com/wp-content/uploads/sites/43/2025/01/23083642/tria-stealer-featured-image-updated-1-800x450.jpg" data-srcset="" srcset="" /> </a> <div class="c-card__body"> <header class="c-card__header"> <p class="c-card__headline u-hidden u-block@md"> <a href="https://securelist.com/category/malware-descriptions/" class="c-tag c-tag--primary">Malware descriptions</a> </p> <h3 class="c-card__title"><a href="https://securelist.com/tria-stealer-collects-sms-data-from-android-devices/115295/" class="c-card__link">No need to RSVP: a closer look at the Tria stealer campaign</a></h3> </header> <footer class="c-card__footer"> <div class="c-card__authors"> <ul class="c-list-authors c-list-authors--comma"> <li> <a href="https://securelist.com/author/fareedradzi/" > <span>Fareed Radzi</span></a> </li> </ul> </div> </footer> </div> </article> </div> <div class="o-col-6@sm o-col-3@md"> <article class="c-card c-card--standard@xs"> <a href="https://securelist.com/industrial-threat-predictions-2025/115327/" class="c-card__figure" style=""> <img width="800" height="450" src="https://media.kasperskycontenthub.com/wp-content/uploads/sites/43/2025/01/28200425/KSB-ICS-threat-predictions-2025-800x450.png" class="attachment-securelist-2020-thumbnail size-securelist-2020-thumbnail wp-post-image" alt="" decoding="async" loading="lazy" srcset="" sizes="auto, (max-width: 800px) 100vw, 800px" data-src="https://media.kasperskycontenthub.com/wp-content/uploads/sites/43/2025/01/28200425/KSB-ICS-threat-predictions-2025-800x450.png" data-srcset="https://media.kasperskycontenthub.com/wp-content/uploads/sites/43/2025/01/28200425/KSB-ICS-threat-predictions-2025-800x450.png 800w, https://media.kasperskycontenthub.com/wp-content/uploads/sites/43/2025/01/28200425/KSB-ICS-threat-predictions-2025-300x170.png 300w" /> </a> <div class="c-card__body"> <header class="c-card__header"> <p class="c-card__headline u-hidden u-block@md"> <a href="https://securelist.com/category/kaspersky-security-bulletin/" class="c-tag c-tag--primary">Kaspersky Security Bulletin</a> </p> <h3 class="c-card__title"><a href="https://securelist.com/industrial-threat-predictions-2025/115327/" class="c-card__link">Threat predictions for industrial enterprises 2025</a></h3> </header> <footer class="c-card__footer"> <div class="c-card__authors"> <ul class="c-list-authors c-list-authors--comma"> <li> <a href="https://securelist.com/author/evgenygoncharov/" > <span>Evgeny Goncharov</span></a> </li> </ul> </div> </footer> </div> </article> </div> <div class="o-col-6@sm o-col-3@md"> <article class="c-card c-card--standard@xs"> <a href="https://securelist.com/mercedes-benz-head-unit-security-research/115218/" class="c-card__figure" style=""> <img width="800" height="450" src="https://media.kasperskycontenthub.com/wp-content/uploads/sites/43/2025/01/16112547/mercedes-benz-featured-image-3-800x450.jpg" class="attachment-securelist-2020-thumbnail size-securelist-2020-thumbnail wp-post-image" alt="" decoding="async" loading="lazy" data-src="https://media.kasperskycontenthub.com/wp-content/uploads/sites/43/2025/01/16112547/mercedes-benz-featured-image-3-800x450.jpg" data-srcset="" srcset="" /> </a> <div class="c-card__body"> <header class="c-card__header"> <p class="c-card__headline u-hidden u-block@md"> <a href="https://securelist.com/category/research/" class="c-tag c-tag--primary">Research</a> </p> <h3 class="c-card__title"><a href="https://securelist.com/mercedes-benz-head-unit-security-research/115218/" class="c-card__link">Mercedes-Benz Head Unit security research report</a></h3> </header> <footer class="c-card__footer"> <div class="c-card__authors"> <ul class="c-list-authors c-list-authors--comma"> <li> <a href="https://securelist.com/author/securityservices/" > <span>Kaspersky Security Services</span></a> </li> </ul> </div> </footer> </div> </article> </div> <div class="o-col-6@sm o-col-3@md"> <article class="c-card c-card--standard@xs"> <a href="https://securelist.com/eagerbee-backdoor/115175/" class="c-card__figure" style=""> <img width="800" height="450" src="https://media.kasperskycontenthub.com/wp-content/uploads/sites/43/2024/12/28082809/SL-EagerBee-backdoor-featured-800x450.jpg" class="attachment-securelist-2020-thumbnail size-securelist-2020-thumbnail wp-post-image" alt="" decoding="async" loading="lazy" data-src="https://media.kasperskycontenthub.com/wp-content/uploads/sites/43/2024/12/28082809/SL-EagerBee-backdoor-featured-800x450.jpg" data-srcset="" srcset="" /> </a> <div class="c-card__body"> <header class="c-card__header"> <p class="c-card__headline u-hidden u-block@md"> <a href="https://securelist.com/category/apt-reports/" class="c-tag c-tag--primary">APT reports</a> </p> <h3 class="c-card__title"><a href="https://securelist.com/eagerbee-backdoor/115175/" class="c-card__link">EAGERBEE, with updated and novel components, targets the Middle East</a></h3> </header> <footer class="c-card__footer"> <div class="c-card__authors"> <ul class="c-list-authors c-list-authors--comma"> <li> <a href="https://securelist.com/author/saurabhsharma/" > <span>Saurabh Sharma</span></a> </li> <li> <a href="https://securelist.com/author/vasilyberdnikov/" > <span>Vasily Berdnikov</span></a> </li> </ul> </div> </footer> </div> </article> </div> </div> </div> </section> <section class="c-block c-block--spacing-t-small c-block--spacing-b-small@md c-block--divider-internal" data-element-id="latest-webinars-post-section"> <div class="o-container-fluid"> <h5 class="c-block__title">Latest Webinars</h5> <div class="o-row o-row--small-gutters@sm c-card__row c-card__row--fixed-width-down@sm js-slider-posts-mobile"> <div class="o-col-6@sm o-col-3@md"> <article class="c-card c-card--standard@xs"> <div class="c-card__figure"> <a href="https://securelist.com/webinars/from-chaos-to-control-streamlining-detection-engineering-in-security-operation-centers/" class="c-card__figure-link" data-element-id="latest-webinars-post-image"> <img width="800" height="450" src="https://media.kasperskycontenthub.com/wp-content/uploads/sites/43/2025/02/14115336/webinar_Detection_Engineering_243x136-800x450.jpg" class="attachment-securelist-2020-thumbnail size-securelist-2020-thumbnail" alt="" title="" decoding="async" loading="lazy" srcset="" sizes="auto, (max-width: 800px) 100vw, 800px" data-src="https://media.kasperskycontenthub.com/wp-content/uploads/sites/43/2025/02/14115336/webinar_Detection_Engineering_243x136-800x450.jpg" data-srcset="https://media.kasperskycontenthub.com/wp-content/uploads/sites/43/2025/02/14115336/webinar_Detection_Engineering_243x136-800x450.jpg 800w, https://media.kasperskycontenthub.com/wp-content/uploads/sites/43/2025/02/14115336/webinar_Detection_Engineering_243x136-300x168.jpg 300w, https://media.kasperskycontenthub.com/wp-content/uploads/sites/43/2025/02/14115336/webinar_Detection_Engineering_243x136-500x280.jpg 500w" /> </a> </div> <div class="c-card__body"> <header class="c-card__header"> <p class="c-card__headline"> <a href="https://securelist.com/webinar-category/trainings-and-workshops/" class="c-tag c-tag--primary c-tag--has-icon" data-element-id="latest-webinars-post-category"><span class="c-tag__icon"><svg class="o-icon o-svg-icon o-svg-larger"><use xmlns:xlink="http://www.w3.org/1999/xlink" xlink:href="https://securelist.com/wp-content/themes/securelist2020/assets/sprite/icons.svg#icon-webinar"></use></svg></span>Trainings and workshops</a> </p> <div class="u-flex u-justify-between"> <time datetime="2024-12-23T17:00:00+00:00" class="c-card__event-date"> 23 Dec 2024, 5:00pm </time> <span class="c-card__event-date">60 min</span> </div> <h3 class="c-card__title"><a href="https://securelist.com/webinars/from-chaos-to-control-streamlining-detection-engineering-in-security-operation-centers/" class="c-card__link" data-element-id="latest-webinars-post-title">From chaos to control: streamlining detection engineering in Security Operation Centers</a></h3> </header> <footer class="c-card__footer"> <div class="c-card__authors"> <ul class="c-list-authors c-list-authors--comma"> <li> <a href="https://securelist.com/author/sarimrafiq/" data-element-id="latest-webinars-post-author"> <span>Sarim Rafiq Uddin</span></a> </li> </ul> </div> </footer> </div> </article> </div> <div class="o-col-6@sm o-col-3@md"> <article class="c-card c-card--standard@xs"> <div class="c-card__figure"> <a href="https://securelist.com/webinars/%d1%81rimeware-and-financial-cyberthreats-in-2025/" class="c-card__figure-link" data-element-id="latest-webinars-post-image"> <img width="800" height="450" src="https://media.kasperskycontenthub.com/wp-content/uploads/sites/43/2024/12/20171256/webinar_crimeware_ksb-800x450.jpg" class="attachment-securelist-2020-thumbnail size-securelist-2020-thumbnail" alt="" title="" decoding="async" loading="lazy" srcset="" sizes="auto, (max-width: 800px) 100vw, 800px" data-src="https://media.kasperskycontenthub.com/wp-content/uploads/sites/43/2024/12/20171256/webinar_crimeware_ksb-800x450.jpg" data-srcset="https://media.kasperskycontenthub.com/wp-content/uploads/sites/43/2024/12/20171256/webinar_crimeware_ksb-800x450.jpg 800w, https://media.kasperskycontenthub.com/wp-content/uploads/sites/43/2024/12/20171256/webinar_crimeware_ksb-300x168.jpg 300w, https://media.kasperskycontenthub.com/wp-content/uploads/sites/43/2024/12/20171256/webinar_crimeware_ksb-500x280.jpg 500w" /> </a> </div> <div class="c-card__body"> <header class="c-card__header"> <p class="c-card__headline"> <a href="https://securelist.com/webinar-category/cyberthreat-talks/" class="c-tag c-tag--primary c-tag--has-icon" data-element-id="latest-webinars-post-category"><span class="c-tag__icon"><svg class="o-icon o-svg-icon o-svg-larger"><use xmlns:xlink="http://www.w3.org/1999/xlink" xlink:href="https://securelist.com/wp-content/themes/securelist2020/assets/sprite/icons.svg#icon-webinar"></use></svg></span>Cyberthreat talks</a> </p> <div class="u-flex u-justify-between"> <time datetime="2024-12-17T17:00:00+00:00" class="c-card__event-date"> 17 Dec 2024, 5:00pm </time> <span class="c-card__event-date">60 min</span> </div> <h3 class="c-card__title"><a href="https://securelist.com/webinars/%d1%81rimeware-and-financial-cyberthreats-in-2025/" class="c-card__link" data-element-id="latest-webinars-post-title">Сrimeware and financial cyberthreats in 2025</a></h3> </header> <footer class="c-card__footer"> <div class="c-card__authors"> <ul class="c-list-authors c-list-authors--comma"> <li> <a href="https://securelist.com/author/fabioa/" data-element-id="latest-webinars-post-author"> <span>Fabio Assolini</span></a> </li> <li> <a href="https://securelist.com/author/marcrivero/" data-element-id="latest-webinars-post-author"> <span>Marc Rivero</span></a> </li> <li> <a href="https://securelist.com/author/tatyanashishkova/" data-element-id="latest-webinars-post-author"> <span>Tatyana Shishkova</span></a> </li> </ul> </div> </footer> </div> </article> </div> <div class="o-col-6@sm o-col-3@md"> <article class="c-card c-card--standard@xs"> <div class="c-card__figure"> <a href="https://securelist.com/webinars/global-it-outages-and-supply-chain-attacks-2024s-lessons-and-tomorrows-cyberthreats/" class="c-card__figure-link" data-element-id="latest-webinars-post-image"> <img width="800" height="450" src="https://media.kasperskycontenthub.com/wp-content/uploads/sites/43/2024/12/20170250/webinar_story_of_the_year_2024-800x450.jpg" class="attachment-securelist-2020-thumbnail size-securelist-2020-thumbnail" alt="" title="" decoding="async" loading="lazy" srcset="" sizes="auto, (max-width: 800px) 100vw, 800px" data-src="https://media.kasperskycontenthub.com/wp-content/uploads/sites/43/2024/12/20170250/webinar_story_of_the_year_2024-800x450.jpg" data-srcset="https://media.kasperskycontenthub.com/wp-content/uploads/sites/43/2024/12/20170250/webinar_story_of_the_year_2024-800x450.jpg 800w, https://media.kasperskycontenthub.com/wp-content/uploads/sites/43/2024/12/20170250/webinar_story_of_the_year_2024-300x168.jpg 300w, https://media.kasperskycontenthub.com/wp-content/uploads/sites/43/2024/12/20170250/webinar_story_of_the_year_2024-500x280.jpg 500w" /> </a> </div> <div class="c-card__body"> <header class="c-card__header"> <p class="c-card__headline"> <a href="https://securelist.com/webinar-category/cyberthreat-talks/" class="c-tag c-tag--primary c-tag--has-icon" data-element-id="latest-webinars-post-category"><span class="c-tag__icon"><svg class="o-icon o-svg-icon o-svg-larger"><use xmlns:xlink="http://www.w3.org/1999/xlink" xlink:href="https://securelist.com/wp-content/themes/securelist2020/assets/sprite/icons.svg#icon-webinar"></use></svg></span>Cyberthreat talks</a> </p> <div class="u-flex u-justify-between"> <time datetime="2024-12-09T17:00:00+00:00" class="c-card__event-date"> 09 Dec 2024, 5:00pm </time> <span class="c-card__event-date">60 min</span> </div> <h3 class="c-card__title"><a href="https://securelist.com/webinars/global-it-outages-and-supply-chain-attacks-2024s-lessons-and-tomorrows-cyberthreats/" class="c-card__link" data-element-id="latest-webinars-post-title">Global IT outages and supply chain attacks: 2024’s lessons and tomorrow’s cyberthreats</a></h3> </header> <footer class="c-card__footer"> <div class="c-card__authors"> <ul class="c-list-authors c-list-authors--comma"> <li> <a href="https://securelist.com/author/igorsoumenkov/" data-element-id="latest-webinars-post-author"> <span>Igor Kuznetsov</span></a> </li> <li> <a href="https://securelist.com/author/alexanderliskin/" data-element-id="latest-webinars-post-author"> <span>Alexander Liskin</span></a> </li> <li> <a href="https://securelist.com/author/vladimirkuskov/" data-element-id="latest-webinars-post-author"> <span>Vladimir Kuskov</span></a> </li> </ul> </div> </footer> </div> </article> </div> <div class="o-col-6@sm o-col-3@md"> <article class="c-card c-card--standard@xs"> <div class="c-card__figure"> <a href="https://securelist.com/webinars/missed-cyberthreats-real-world-cases-where-compromise-assessment-uncovered-what-was-overlooked/" class="c-card__figure-link" data-element-id="latest-webinars-post-image"> <img width="800" height="450" src="https://media.kasperskycontenthub.com/wp-content/uploads/sites/43/2024/10/29082934/SL-compromise-assessment-featured-800x450.jpg" class="attachment-securelist-2020-thumbnail size-securelist-2020-thumbnail" alt="" title="" decoding="async" loading="lazy" srcset="" sizes="auto, (max-width: 800px) 100vw, 800px" data-src="https://media.kasperskycontenthub.com/wp-content/uploads/sites/43/2024/10/29082934/SL-compromise-assessment-featured-800x450.jpg" data-srcset="https://media.kasperskycontenthub.com/wp-content/uploads/sites/43/2024/10/29082934/SL-compromise-assessment-featured-800x450.jpg 800w, https://media.kasperskycontenthub.com/wp-content/uploads/sites/43/2024/10/29082934/SL-compromise-assessment-featured-300x168.jpg 300w, https://media.kasperskycontenthub.com/wp-content/uploads/sites/43/2024/10/29082934/SL-compromise-assessment-featured-500x280.jpg 500w" /> </a> </div> <div class="c-card__body"> <header class="c-card__header"> <p class="c-card__headline"> <a href="https://securelist.com/webinar-category/threat-intelligence-and-incident-response/" class="c-tag c-tag--primary c-tag--has-icon" data-element-id="latest-webinars-post-category"><span class="c-tag__icon"><svg class="o-icon o-svg-icon o-svg-larger"><use xmlns:xlink="http://www.w3.org/1999/xlink" xlink:href="https://securelist.com/wp-content/themes/securelist2020/assets/sprite/icons.svg#icon-webinar"></use></svg></span>Threat intelligence and IR</a> </p> <div class="u-flex u-justify-between"> <time datetime="2024-10-29T17:00:00+00:00" class="c-card__event-date"> 29 Oct 2024, 5:00pm </time> <span class="c-card__event-date">60 min</span> </div> <h3 class="c-card__title"><a href="https://securelist.com/webinars/missed-cyberthreats-real-world-cases-where-compromise-assessment-uncovered-what-was-overlooked/" class="c-card__link" data-element-id="latest-webinars-post-title">Missed cyberthreats: real-world cases where compromise assessment uncovered what was overlooked</a></h3> </header> <footer class="c-card__footer"> <div class="c-card__authors"> <ul class="c-list-authors c-list-authors--comma"> <li> <a href="https://securelist.com/author/victorsergeev/" data-element-id="latest-webinars-post-author"> <span>Victor Sergeev</span></a> </li> <li> <a href="https://securelist.com/author/amgedwageh/" data-element-id="latest-webinars-post-author"> <span>Amged Wageh</span></a> </li> </ul> </div> </footer> </div> </article> </div> </div> </div> </section> <section data-element-id="footer-reports-section" class="c-block c-block--spacing-t-small c-block--spacing-b-small@md c-block--divider-internal"> <div class="o-container-fluid"> <h5 class="c-block__title">Reports</h5> <div class="o-row o-row--small-gutters"> <div class="o-col-8@sm"> <div class="o-row o-row--small-gutters"> <div class="o-col-6@md"> <article class="c-card c-card--standard@xs"> <div class="c-card__body"> <header class="c-card__header"> <h3 class="c-card__title"><a data-element-id="footer-reports-title" href="https://securelist.com/eagerbee-backdoor/115175/" class="c-card__link">EAGERBEE, with updated and novel components, targets the Middle East</a></h3> </header> <div class="c-card__desc"> <p>Kaspersky researchers analyze EAGERBEE backdoor modules, revealing a possible connection to the CoughingDown APT actor.</p> </div> </div> </article> </div> <div class="o-col-6@md c-card__dividers c-card__dividers--hide@md"> <article class="c-card c-card--standard@xs"> <div class="c-card__body"> <header class="c-card__header"> <h3 class="c-card__title"><a data-element-id="footer-reports-title" href="https://securelist.com/bellacpp-cpp-version-of-bellaciao/115087/" class="c-card__link">BellaCPP: Discovering a new BellaCiao variant written in C++</a></h3> </header> <div class="c-card__desc u-hidden u-block@md"> <p>While investigating an incident involving the BellaCiao .NET malware, Kaspersky researchers discovered a C++ version they dubbed “BellaCPP”.</p> </div> </div> </article> </div> <div class="o-col-6@md c-card__dividers c-card__dividers--hide@md"> <article class="c-card c-card--standard@xs"> <div class="c-card__body"> <header class="c-card__header"> <h3 class="c-card__title"><a data-element-id="footer-reports-title" href="https://securelist.com/lazarus-new-malware/115059/" class="c-card__link">Lazarus group evolves its infection chain with old and new malware</a></h3> </header> <div class="c-card__desc u-hidden u-block@md"> <p>Lazarus targets employees of a nuclear-related organization with a bunch of malware, such as MISTPEN, LPEClient, RollMid, CookieTime and a new modular backdoor CookiePlus.</p> </div> </div> </article> </div> <div class="o-col-6@md c-card__dividers c-card__dividers--hide@md"> <article class="c-card c-card--standard@xs"> <div class="c-card__body"> <header class="c-card__header"> <h3 class="c-card__title"><a data-element-id="footer-reports-title" href="https://securelist.com/careto-is-back/114942/" class="c-card__link">Careto is back: what’s new after 10 years of silence?</a></h3> </header> <div class="c-card__desc u-hidden u-block@md"> <p>Kaspersky researchers analyze 2019, 2022 and 2024 attacks attributed to Careto APT with medium to high confidence.</p> </div> </div> </article> </div> </div> </div> <div class="o-col-4@sm u-hidden u-block@sm"> <div class="c-image c-image--overflow-down@sm"> <a href="https://xtraining.kaspersky.com/?icid=gl_securelist_acq_ona_smm__onl_b2b_securelist_ban_sm-team___xtraining____db5c7a1470cf39c3"><img src="https://media.kasperskycontenthub.com/wp-content/uploads/sites/43/2020/12/30141748/xTraining-evergreen-banner_370x500_EN.jpg" /></a> </div> </div> </div> </div> </section> <section class="c-block c-block--spacing-t-small c-block--spacing-b-small@md" data-element-id="footer-subscribe-section"> <div class="o-container-fluid"> <div class="o-row c-block__row u-flex-nowrap@md"> <div class="o-col"> <div class="c-block__header"> <h5 class="c-block__title">Subscribe to our weekly e-mails</h5> <p>The hottest research right in your inbox</p> </div> </div> <div class="o-col u-flex-shrink-0 u-flex-grow"> <div class="c-form--newsletter u-ml-auto"> <div class='gf_browser_ie gf_browser_ie7 gform_wrapper gform_wrapper_original_id_11 gravity-theme subscribe-mc_wrapper' id='gform_wrapper_1594593115' ><div id='gf_1594593115' class='gform_anchor' tabindex='-1'></div><form method='post' enctype='multipart/form-data' target='gform_ajax_frame_1594593115' id='gform_1594593115' class='subscribe-mc' action='/fin7-5-the-infamous-cybercrime-rig-fin7-continues-its-activities/90703/#gf_1594593115' > <div class="gform-content-wrapper"><div class='gform_body gform-body'><div id='gform_fields_1594593115' class='gform_fields top_label form_sublabel_below description_below'><div id="field_11_1" class="gfield gfield_contains_required field_sublabel_below field_description_below gfield_visibility_visible" ><label class='gfield_label screen-reader-text' for='input_1594593115_1' >Email<span class="gfield_required"><span class="gfield_required gfield_required_text">(Required)</span></span></label><div class='ginput_container ginput_container_email'> <input name='input_1' id='input_1594593115_1' type='text' value='' class='medium' placeholder='Email' aria-required="true" aria-invalid="false" /> </div></div><div id="field_11_3" class="gfield js-kaspersky-gform-recaptcha-placeholder gform_hidden field_sublabel_below field_description_below gfield_visibility_hidden" ><div class='ginput_container ginput_container_text'><input name='input_3' id='input_1594593115_3' type='hidden' class='gform_hidden' aria-invalid="false" value='' /></div></div><fieldset id="field_11_2" class="gfield input-without-label label-gdpr gfield_contains_required field_sublabel_below field_description_below gfield_visibility_visible" ><legend class='gfield_label screen-reader-text gfield_label_before_complex' ><span class="gfield_required"><span class="gfield_required gfield_required_text">(Required)</span></span></legend><div class='ginput_container ginput_container_checkbox'><div class='gfield_checkbox' id='input_1594593115_2'><div class='gchoice gchoice_11_2_1'> <input class='gfield-choice-input' name='input_2.1' type='checkbox' value='I agree' id='choice_1594593115_11_2_1' /> <label for='choice_1594593115_11_2_1' id='label_1594593115_11_2_1'>I agree to provide my email address to “AO Kaspersky Lab” to receive information about new posts on the site. I understand that I can withdraw this consent at any time via e-mail by clicking the “unsubscribe” link that I find at the bottom of any e-mail sent to me for the purposes mentioned above.</label> </div></div></div></fieldset></div></div> <div class='gform_footer top_label'> <button class="gform_button button" type="submit" id='gform_submit_button_1594593115' value="Sign up"> <svg class="o-icon o-svg-icon o-svg-large u-hidden u-inline-block@sm"><use xmlns:xlink="http://www.w3.org/1999/xlink" xlink:href="https://securelist.com/wp-content/themes/securelist2020/assets/sprite/icons.svg#icon-envelope"></use></svg> <span class="u-hidden u-inline@sm">Subscribe</span> <span class="u-hidden@sm"><svg class="o-icon o-svg-icon o-svg-right"><use xmlns:xlink="http://www.w3.org/1999/xlink" xlink:href="https://securelist.com/wp-content/themes/securelist2020/assets/sprite/icons.svg#icon-arrow"></use></svg></span> </button> <input type='hidden' name='gform_ajax' value='form_id=11&title=&description=&tabindex=0' /> <input type='hidden' class='gform_hidden' name='is_submit_11' value='1' /> <input type='hidden' class='gform_hidden' name='gform_submit' value='11' /> <input type='hidden' class='gform_hidden' name='gform_unique_id' value='' /> <input type='hidden' class='gform_hidden' name='state_11' value='WyJbXSIsImIwODQwZTA2ZGQ0NzYwODcyOTBkZjNmZDM1NDk2Y2ZkIl0=' /> <input type='hidden' class='gform_hidden' name='gform_target_page_number_11' id='gform_target_page_number_1594593115_11' value='0' /> <input type='hidden' class='gform_hidden' name='gform_source_page_number_11' id='gform_source_page_number_1594593115_11' value='1' /> <input type='hidden' name='gform_random_id' value='1594593115' /><input type='hidden' name='gform_field_values' value='securelist_2020_form_location=' /> </div> </div><p style="display: none !important;" class="akismet-fields-container" data-prefix="ak_"><label>Δ<textarea name="ak_hp_textarea" cols="45" rows="8" maxlength="100"></textarea></label><input type="hidden" id="ak_js_3" name="ak_js" value="175"/><script>document.getElementById( "ak_js_3" ).setAttribute( "value", ( new Date() ).getTime() );</script></p></form> </div> <iframe style='display:none;width:0px;height:0px;' src='about:blank' name='gform_ajax_frame_1594593115' id='gform_ajax_frame_1594593115' title='This iframe contains the logic required to handle Ajax powered Gravity Forms.'></iframe> <script type="text/javascript"> /* <![CDATA[ */ gform.initializeOnLoaded( function() {gformInitSpinner( 1594593115, 'https://securelist.com/wp-content/themes/securelist2020/assets/images/content/ajax-spinner-red.svg' );jQuery('#gform_ajax_frame_1594593115').on('load',function(){var contents = jQuery(this).contents().find('*').html();var is_postback = contents.indexOf('GF_AJAX_POSTBACK') >= 0;if(!is_postback){return;}var form_content = jQuery(this).contents().find('#gform_wrapper_1594593115');var is_confirmation = jQuery(this).contents().find('#gform_confirmation_wrapper_1594593115').length > 0;var is_redirect = contents.indexOf('gformRedirect(){') >= 0;var is_form = form_content.length > 0 && ! is_redirect && ! is_confirmation;var mt = parseInt(jQuery('html').css('margin-top'), 10) + parseInt(jQuery('body').css('margin-top'), 10) + 100;if(is_form){jQuery('#gform_wrapper_1594593115').html(form_content.html());if(form_content.hasClass('gform_validation_error')){jQuery('#gform_wrapper_1594593115').addClass('gform_validation_error');} else {jQuery('#gform_wrapper_1594593115').removeClass('gform_validation_error');}setTimeout( function() { /* delay the scroll by 50 milliseconds to fix a bug in chrome */ jQuery(document).scrollTop(jQuery('#gform_wrapper_1594593115').offset().top - mt); }, 50 );if(window['gformInitDatepicker']) {gformInitDatepicker();}if(window['gformInitPriceFields']) {gformInitPriceFields();}var current_page = jQuery('#gform_source_page_number_1594593115_11').val();gformInitSpinner( 1594593115, 'https://securelist.com/wp-content/themes/securelist2020/assets/images/content/ajax-spinner-red.svg' );jQuery(document).trigger('gform_page_loaded', [1594593115, current_page]);window['gf_submitting_1594593115'] = false;}else if(!is_redirect){var confirmation_content = jQuery(this).contents().find('.GF_AJAX_POSTBACK').html();if(!confirmation_content){confirmation_content = contents;}setTimeout(function(){jQuery('#gform_wrapper_1594593115').replaceWith(confirmation_content);jQuery(document).scrollTop(jQuery('#gf_1594593115').offset().top - mt);jQuery(document).trigger('gform_confirmation_loaded', [1594593115]);window['gf_submitting_1594593115'] = false;wp.a11y.speak(jQuery('#gform_confirmation_message_1594593115').text());}, 50);}else{jQuery('#gform_1594593115').append(contents);if(window['gformRedirect']) {gformRedirect();}}jQuery(document).trigger('gform_post_render', [1594593115, current_page]);} );} ); /* ]]> */ </script> </div> </div> </div> <div class="u-hidden@sm u-mb-spacer-base-"> <div class="c-image c-image--overflow-down@sm"> <a href="https://xtraining.kaspersky.com/?icid=gl_securelist_acq_ona_smm__onl_b2b_securelist_ban_sm-team___xtraining____db5c7a1470cf39c3"><img src="https://media.kasperskycontenthub.com/wp-content/uploads/sites/43/2020/12/30141758/xTraining-evergreen-banner_800x800_EN-740x740.jpg" /></a> </div> </div> </div> </section> </div><!-- /.c-page --> <section class="c-block c-block--spacing-t-small c-block--spacing-t-large@md c-block--spacing-b c-page-footer c-block--bg-image c-color--invert" style="background-image: url(https://securelist.com/wp-content/themes/securelist2020/assets/images/content/bg-gradient-02.jpg);"> <div class="o-container-fluid"> <div data-element-id="footer-content-block" class="c-page-footer__content"> <div class="o-row o-row--reverse"> <div class="o-col-9@md"> <div class="c-page-menu"> <div class="o-row c-page-menu__dividers"> <div class="o-col-4@md"><div class="c-accordion js-accordion c-accordion--reset@md"><p class="menu-item-threats section-title accordion menu-item menu-item-type-custom menu-item-object-custom menu-item-has-children menu-item-226 c-page-menu__title u-hidden u-block@md"><a href="https://securelist.com/threat-categories/" data-element-id="footer-content-link">Threats</a></p><div class="c-accordion-toggle js-accordion-toggle"><p>Threats</p></div><div class="c-accordion-container js-accordion-container"> <ul class="sub-menu"> <li class="menu-item menu-item-type-taxonomy menu-item-object-threat-category menu-item-99839"><a href="https://securelist.com/threat-category/apt-targeted-attacks/" data-element-id="footer-content-link">APT (Targeted attacks)</a></li> <li class="menu-item menu-item-type-custom menu-item-object-custom menu-item-89457"><a href="https://securelist.com/threat-category/secure-environment/" data-element-id="footer-content-link">Secure environment (IoT)</a></li> <li class="topic-item vulnerabilities menu-item menu-item-type-custom menu-item-object-custom menu-item-63231"><a href="https://securelist.com/threat-category/mobile-threats/" data-element-id="footer-content-link">Mobile threats</a></li> <li class="topic-item detected menu-item menu-item-type-custom menu-item-object-custom menu-item-63229"><a href="https://securelist.com/threat-category/financial-threats/" data-element-id="footer-content-link">Financial threats</a></li> <li class="menu-item menu-item-type-custom menu-item-object-custom menu-item-89458"><a href="https://securelist.com/threat-category/spam-and-phishing/" data-element-id="footer-content-link">Spam and phishing</a></li> <li class="menu-item menu-item-type-taxonomy menu-item-object-threat-category menu-item-99840"><a href="https://securelist.com/threat-category/industrial-threats/" data-element-id="footer-content-link">Industrial threats</a></li> <li class="menu-item menu-item-type-taxonomy menu-item-object-threat-category menu-item-89465"><a href="https://securelist.com/threat-category/web-threats/" data-element-id="footer-content-link">Web threats</a></li> <li class="menu-item menu-item-type-custom menu-item-object-custom menu-item-89459"><a href="https://securelist.com/threat-category/vulnerabilities-and-exploits/" data-element-id="footer-content-link">Vulnerabilities and exploits</a></li> <li class="menu-item menu-item-type-custom menu-item-object-custom menu-item-113855"><a href="https://securelist.com/threat-categories/" data-element-id="footer-content-link">All threats</a></li> </ul> </li> </li></ul></div></div></div><div class="o-col-4@md"><div class="c-accordion js-accordion c-accordion--reset@md"><p class="menu-item-categories section-title accordion menu-item menu-item-type-custom menu-item-object-custom menu-item-has-children menu-item-230 c-page-menu__title u-hidden u-block@md"><a href="https://securelist.com/categories/" data-element-id="footer-content-link">Categories</a></p><div class="c-accordion-toggle js-accordion-toggle"><p>Categories</p></div><div class="c-accordion-container js-accordion-container"> <ul class="sub-menu"> <li class="menu-item menu-item-type-taxonomy menu-item-object-category current-post-ancestor current-menu-parent current-post-parent menu-item-84158"><a href="https://securelist.com/category/apt-reports/" data-element-id="footer-content-link">APT reports</a></li> <li class="menu-item menu-item-type-taxonomy menu-item-object-category menu-item-99841"><a href="https://securelist.com/category/malware-descriptions/" data-element-id="footer-content-link">Malware descriptions</a></li> <li class="menu-item menu-item-type-taxonomy menu-item-object-category menu-item-84160"><a href="https://securelist.com/category/kaspersky-security-bulletin/" data-element-id="footer-content-link">Security Bulletin</a></li> <li class="menu-item menu-item-type-taxonomy menu-item-object-category menu-item-84161"><a href="https://securelist.com/category/malware-reports/" data-element-id="footer-content-link">Malware reports</a></li> <li class="menu-item menu-item-type-taxonomy menu-item-object-category menu-item-89460"><a href="https://securelist.com/category/spam-and-phishing-reports/" data-element-id="footer-content-link">Spam and phishing reports</a></li> <li class="menu-item menu-item-type-taxonomy menu-item-object-category menu-item-99842"><a href="https://securelist.com/category/security-technologies/" data-element-id="footer-content-link">Security technologies</a></li> <li class="menu-item menu-item-type-taxonomy menu-item-object-category menu-item-84165"><a href="https://securelist.com/category/research/" data-element-id="footer-content-link">Research</a></li> <li class="menu-item menu-item-type-taxonomy menu-item-object-category menu-item-84164"><a href="https://securelist.com/category/publications/" data-element-id="footer-content-link">Publications</a></li> <li class="menu-item menu-item-type-custom menu-item-object-custom menu-item-113876"><a href="https://securelist.com/categories/" data-element-id="footer-content-link">All categories</a></li> </ul> </li> </li></ul></div></div></div><div class="o-col-4@md"><p class="menu-item-tags section-title after-accordion menu-item menu-item-type-custom menu-item-object-custom menu-item-has-children menu-item-277 c-page-menu__title u-hidden u-block@md"><a data-element-id="footer-content-link">Other sections</a></p> <ul class="sub-menu"> <li class="menu-item menu-item-type-custom menu-item-object-custom menu-item-100526"><a href="https://securelist.com/all/" data-element-id="footer-content-link">Archive</a></li> <li class="show-all-tags menu-item menu-item-type-post_type menu-item-object-page menu-item-57837"><a href="https://securelist.com/tags/" data-element-id="footer-content-link">All tags</a></li> <li class="menu-item menu-item-type-custom menu-item-object-custom menu-item-101956"><a href="https://securelist.com/webinars/" data-element-id="footer-content-link">Webinars</a></li> <li class="menu-item menu-item-type-custom menu-item-object-custom menu-item-101126"><a target="_blank" rel="noopener noreferrer" href="https://apt.securelist.com/?icid=gl_seclistheader_acq_ona_smm__onl_b2b_securelist_main-menu_sm-team_______001391deb99c290f" data-element-id="footer-content-link">APT Logbook</a></li> <li class="menu-item menu-item-type-custom menu-item-object-custom menu-item-241"><a target="_blank" rel="noopener noreferrer" href="https://statistics.securelist.com/?icid=gl_seclistheader_acq_ona_smm__onl_b2b_securelist_main-menu_sm-team_______001391deb99c290f" data-element-id="footer-content-link">Statistics</a></li> <li class="menu-item menu-item-type-custom menu-item-object-custom menu-item-86643"><a target="_blank" rel="noopener noreferrer" href="https://encyclopedia.kaspersky.com/?icid=gl_seclistheader_acq_ona_smm__onl_b2b_securelist_main-menu_sm-team_______001391deb99c290f" data-element-id="footer-content-link">Encyclopedia</a></li> <li class="menu-item menu-item-type-custom menu-item-object-custom menu-item-58141"><a target="_blank" rel="noopener noreferrer" href="https://threats.kaspersky.com/?icid=gl_seclistheader_acq_ona_smm__onl_b2b_securelist_main-menu_sm-team_______001391deb99c290f" data-element-id="footer-content-link">Threats descriptions</a></li> <li class="menu-item menu-item-type-custom menu-item-object-custom menu-item-115044"><a href="https://securelist.com/ksb-2024/" data-element-id="footer-content-link">KSB 2024</a></li> </ul> </li> </div> </div> </div> </div> <div class="o-col-3@md"> <div class="c-site-logo c-site-logo--kaspersky"></div> </div> </div> </div> <div data-element-id="footer-menu-block" class="c-page-footer__wrapper"> <div class="c-page-footer__info"> <p>© 2025 AO Kaspersky Lab. All Rights Reserved.<br /> Registered trademarks and service marks are the property of their respective owners.</p> </div> <div class="c-page-footer__links"> <ul> <li><a data-element-id="footer-menu-link" href="https://www.kaspersky.com/web-privacy-policy?icid=gl_seclistfooter_acq_ona_smm__onl_b2b_securelist_footer_sm-team_______11d7a8212d94123d">Privacy Policy</a></li> <li><a data-element-id="footer-menu-link" href="https://www.kaspersky.com/end-user-license-agreement?icid=gl_seclistfooter_acq_ona_smm__onl_b2b_securelist_footer_sm-team_______11d7a8212d94123d">License Agreement</a></li> <li><a data-element-id="footer-menu-link" href="javascript: void(0);" onclick="javascript: Cookiebot.renew()">Cookies</a></li> </ul> </div> </div> </div> </section> <div id="modal-newsletter" class="c-modal__wrapper c-modal__wrapper--sm mfp-hide"> <div class="c-modal"> <a href="#" class="c-modal-close js-modal-close"></a> <div class="c-modal__main"> <div class="c-block c-block--spacing-t-small c-block--spacing-b-small"> <div class="o-container-fluid"> <div class="c-block__header"> <h5 class="c-title--small">Subscribe to our weekly e-mails</h5> <p>The hottest research right in your inbox</p> </div> <div class="c-form--float-labels js-float-labels"> <div class='gf_browser_ie gf_browser_ie7 gform_wrapper gform_wrapper_original_id_11 gravity-theme subscribe-mc_wrapper' id='gform_wrapper_672683416' ><div id='gf_672683416' class='gform_anchor' tabindex='-1'></div><form method='post' enctype='multipart/form-data' target='gform_ajax_frame_672683416' id='gform_672683416' class='subscribe-mc' action='/fin7-5-the-infamous-cybercrime-rig-fin7-continues-its-activities/90703/#gf_672683416' > <div class="gform-content-wrapper"><div class='gform_body gform-body'><div id='gform_fields_672683416' class='gform_fields top_label form_sublabel_below description_below'><div id="field_11_1" class="gfield gfield_contains_required field_sublabel_below field_description_below gfield_visibility_visible" ><label class='gfield_label screen-reader-text' for='input_672683416_1' >Email<span class="gfield_required"><span class="gfield_required gfield_required_text">(Required)</span></span></label><div class='ginput_container ginput_container_email'> <input name='input_1' id='input_672683416_1' type='text' value='' class='medium' placeholder='Email' aria-required="true" aria-invalid="false" /> </div></div><div id="field_11_3" class="gfield js-kaspersky-gform-recaptcha-placeholder gform_hidden field_sublabel_below field_description_below gfield_visibility_hidden" ><div class='ginput_container ginput_container_text'><input name='input_3' id='input_672683416_3' type='hidden' class='gform_hidden' aria-invalid="false" value='' /></div></div><fieldset id="field_11_2" class="gfield input-without-label label-gdpr gfield_contains_required field_sublabel_below field_description_below gfield_visibility_visible" ><legend class='gfield_label screen-reader-text gfield_label_before_complex' ><span class="gfield_required"><span class="gfield_required gfield_required_text">(Required)</span></span></legend><div class='ginput_container ginput_container_checkbox'><div class='gfield_checkbox' id='input_672683416_2'><div class='gchoice gchoice_11_2_1'> <input class='gfield-choice-input' name='input_2.1' type='checkbox' value='I agree' id='choice_672683416_11_2_1' /> <label for='choice_672683416_11_2_1' id='label_672683416_11_2_1'>I agree to provide my email address to “AO Kaspersky Lab” to receive information about new posts on the site. I understand that I can withdraw this consent at any time via e-mail by clicking the “unsubscribe” link that I find at the bottom of any e-mail sent to me for the purposes mentioned above.</label> </div></div></div></fieldset></div></div> <div class='gform_footer top_label'> <button type="submit" class="gform_button button" id='gform_submit_button_672683416' value="Sign up"> <svg class="o-icon o-svg-icon o-svg-large"><use xmlns:xlink="http://www.w3.org/1999/xlink" xlink:href="https://securelist.com/wp-content/themes/securelist2020/assets/sprite/icons.svg#icon-envelope"></use></svg> <span>Subscribe</span> </button> <input type='hidden' name='gform_ajax' value='form_id=11&title=&description=&tabindex=0' /> <input type='hidden' class='gform_hidden' name='is_submit_11' value='1' /> <input type='hidden' class='gform_hidden' name='gform_submit' value='11' /> <input type='hidden' class='gform_hidden' name='gform_unique_id' value='' /> <input type='hidden' class='gform_hidden' name='state_11' value='WyJbXSIsImIwODQwZTA2ZGQ0NzYwODcyOTBkZjNmZDM1NDk2Y2ZkIl0=' /> <input type='hidden' class='gform_hidden' name='gform_target_page_number_11' id='gform_target_page_number_672683416_11' value='0' /> <input type='hidden' class='gform_hidden' name='gform_source_page_number_11' id='gform_source_page_number_672683416_11' value='1' /> <input type='hidden' name='gform_random_id' value='672683416' /><input type='hidden' name='gform_field_values' value='securelist_2020_form_location=sidebar' /> </div> </div><p style="display: none !important;" class="akismet-fields-container" data-prefix="ak_"><label>Δ<textarea name="ak_hp_textarea" cols="45" rows="8" maxlength="100"></textarea></label><input type="hidden" id="ak_js_4" name="ak_js" value="106"/><script>document.getElementById( "ak_js_4" ).setAttribute( "value", ( new Date() ).getTime() );</script></p></form> </div> <iframe style='display:none;width:0px;height:0px;' src='about:blank' name='gform_ajax_frame_672683416' id='gform_ajax_frame_672683416' title='This iframe contains the logic required to handle Ajax powered Gravity Forms.'></iframe> <script type="text/javascript"> /* <![CDATA[ */ gform.initializeOnLoaded( function() {gformInitSpinner( 672683416, 'https://securelist.com/wp-content/themes/securelist2020/assets/images/content/ajax-spinner-red.svg' );jQuery('#gform_ajax_frame_672683416').on('load',function(){var contents = jQuery(this).contents().find('*').html();var is_postback = contents.indexOf('GF_AJAX_POSTBACK') >= 0;if(!is_postback){return;}var form_content = jQuery(this).contents().find('#gform_wrapper_672683416');var is_confirmation = jQuery(this).contents().find('#gform_confirmation_wrapper_672683416').length > 0;var is_redirect = contents.indexOf('gformRedirect(){') >= 0;var is_form = form_content.length > 0 && ! is_redirect && ! is_confirmation;var mt = parseInt(jQuery('html').css('margin-top'), 10) + parseInt(jQuery('body').css('margin-top'), 10) + 100;if(is_form){jQuery('#gform_wrapper_672683416').html(form_content.html());if(form_content.hasClass('gform_validation_error')){jQuery('#gform_wrapper_672683416').addClass('gform_validation_error');} else {jQuery('#gform_wrapper_672683416').removeClass('gform_validation_error');}setTimeout( function() { /* delay the scroll by 50 milliseconds to fix a bug in chrome */ jQuery(document).scrollTop(jQuery('#gform_wrapper_672683416').offset().top - mt); }, 50 );if(window['gformInitDatepicker']) {gformInitDatepicker();}if(window['gformInitPriceFields']) {gformInitPriceFields();}var current_page = jQuery('#gform_source_page_number_672683416_11').val();gformInitSpinner( 672683416, 'https://securelist.com/wp-content/themes/securelist2020/assets/images/content/ajax-spinner-red.svg' );jQuery(document).trigger('gform_page_loaded', [672683416, current_page]);window['gf_submitting_672683416'] = false;}else if(!is_redirect){var confirmation_content = jQuery(this).contents().find('.GF_AJAX_POSTBACK').html();if(!confirmation_content){confirmation_content = contents;}setTimeout(function(){jQuery('#gform_wrapper_672683416').replaceWith(confirmation_content);jQuery(document).scrollTop(jQuery('#gf_672683416').offset().top - mt);jQuery(document).trigger('gform_confirmation_loaded', [672683416]);window['gf_submitting_672683416'] = false;wp.a11y.speak(jQuery('#gform_confirmation_message_672683416').text());}, 50);}else{jQuery('#gform_672683416').append(contents);if(window['gformRedirect']) {gformRedirect();}}jQuery(document).trigger('gform_post_render', [672683416, current_page]);} );} ); /* ]]> */ </script> </div> </div> </div> </div><!-- /.c-modal__main --> </div><!-- /.c-modal --> </div><!-- /.c-modal__wrapper --> <script type="text/javascript"> if ( typeof _recaptcha_wordpress_savedcomment != 'undefined') { document.getElementById('comment').value = _recaptcha_wordpress_savedcomment; } </script><script type="text/javascript" src="https://kasperskycontenthub.com/securelist/wp-content/plugins/kaspersky-embeds/js/scripts.js?ver=1.0" id="kspr_embeds-js"></script> <script type="text/javascript" src="https://www.google.com/recaptcha/api.js?render=explicit&ver=202124050927" id="kaspersky-dynamic-gravity-forms-google-recaptcha-js"></script> <script type="text/javascript" id="crayon_js-js-extra"> /* <![CDATA[ */ var CrayonSyntaxSettings = {"version":"_2.7.2_beta","is_admin":"0","ajaxurl":"https:\/\/securelist.com\/wp-admin\/admin-ajax.php","prefix":"crayon-","setting":"crayon-setting","selected":"crayon-setting-selected","changed":"crayon-setting-changed","special":"crayon-setting-special","orig_value":"data-orig-value","debug":""}; var CrayonSyntaxStrings = {"copy":"Press %s to Copy, %s to Paste","minimize":"Click To Expand Code"}; /* ]]> */ </script> <script type="text/javascript" id="kaspersky-dynamic-gravity-forms-main-js-extra"> /* <![CDATA[ */ var kasperskyDynamicaReCaptchaData = {"ajaxUrl":"https:\/\/securelist.com\/wp-admin\/admin-ajax.php"}; /* ]]> */ </script> <script type="text/javascript" id="kaspersky-omniture-js-extra"> /* <![CDATA[ */ var kaspersky = {"pageName":"Kaspersky Securelist","pageType":"blog","platformName":"Micro Site","businessType":"b2c","siteLocale":"en-GLOBAL"}; /* ]]> */ </script> <script type="text/javascript" id="wp-autosearch-script-js-extra"> /* <![CDATA[ */ var wp_autosearch_config = {"autocomplete_taxonomies":{"0":"category"},"split_results_by_type":"true","search_title":"true","search_content":"false","search_terms":"false","search_exactonly":"true","order_by":"title","order":"DESC","search_comments":"false","search_tags":"false","no_of_results":"5","description_limit":"100","title_limit":"50","excluded_ids":{},"excluded_cats":{"0":0},"full_search_url":"https:\/\/kasperskycontenthub.com\/securelist\/?s=%q%","min_chars":"3","ajax_delay":"200","cache_length":"200","autocomplete_sortorder":"posts","thumb_image_display":"false","thumb_image_width":"50","thumb_image_height":"50","get_first_image":"true","force_resize_first_image":"true","thumb_image_crop":"true","default_image":"https:\/\/kasperskycontenthub.com\/securelist\/wp-content\/plugins\/wp-autosearch\/assert\/image\/default.png","search_image":"","display_more_bar":"false","display_result_title":"false","enable_token":"true","custom_css":"","custom_js":"","try_full_search_text":"Search more...","no_results_try_full_search_text":"No Results!","show_author":"false","show_date":"false","description_result":"false","color":{"results_even_bar":"E8E8E8","results_odd_bar":"FFFFFF","results_even_text":"000000","results_odd_text":"000000","results_hover_bar":"5CCCB2","results_hover_text":"FFFFFF","seperator_bar":"2D8DA0","seperator_hover_bar":"6A81A0","seperator_text":"FFFFFF","seperator_hover_text":"FFFFFF","more_bar":"5286A0","more_hover_bar":"4682A0","more_text":"FFFFFF","more_hover_text":"FFFFFF","box_border":"57C297","box_background":"FFFFFF","box_text":"000000"},"title":{"page":"Pages","post":"Posts","webinars":"Webinars"},"post_types":{"0":"page","1":"post","2":"webinars"},"nonce":"cd5b7c7657","ajax_url":"https:\/\/securelist.com\/wp-admin\/admin-ajax.php"}; /* ]]> */ </script> <script type="text/javascript" id="securelist-script-js-extra"> /* <![CDATA[ */ var securelist2020Data = {"ajaxUrl":"https:\/\/securelist.com\/wp-admin\/admin-ajax.php","loading":"Loading...","marketoBaseURL":"","marketoVirtualForm":"27241","munchkinID":"802-IJN-240","reCaptcha_key":"6Lf2eUQUAAAAAC-GQSZ6R2pjePmmD6oA6F_3AV7j"}; /* ]]> */ </script> <script type='text/javascript' src='//assets.kasperskycontenthub.com/wp-content/plugins/bwp-minify/min/?f=wp-content/plugins/crayon-syntax-highlighter/js/min/crayon.min.js,wp-content/plugins/kaspersky-gravity-forms-dynamic-recaptcha/assets/js/main.js,wp-content/plugins/kaspersky-lazy-load/assets/js/main.js,wp-content/plugins/kaspersky-omniture/assets/dataLayer.js,wp-content/plugins/kaspersky-wp-autosearch/assert/js/migrate.js,wp-content/plugins/kaspersky-wp-autosearch/assert/js/autocomplete.js,wp-content/plugins/kaspersky-wp-autosearch/assert/js/ajax-script.js,wp-content/plugins/wds-no-login-autocomplete/js/script.js,wp-content/themes/securelist2020/assets/js/main.js,wp-includes/js/comment-reply.min.js'></script> <script type='text/javascript' src='//assets.kasperskycontenthub.com/wp-content/plugins/bwp-minify/min/?f=wp-content/plugins/akismet/_inc/akismet-frontend.js,wp-includes/js/dist/dom-ready.min.js,wp-includes/js/dist/hooks.min.js,wp-includes/js/dist/i18n.min.js,wp-includes/js/dist/a11y.min.js'></script> <script type="text/javascript" defer='defer' src="https://securelist.com/wp-content/plugins/gravityforms/js/jquery.json.min.js?ver=2.5.16.3" id="gform_json-js"></script> <script type="text/javascript" id="gform_gravityforms-js-extra"> /* <![CDATA[ */ var gform_i18n = {"datepicker":{"days":{"monday":"Mon","tuesday":"Tue","wednesday":"Wed","thursday":"Thu","friday":"Fri","saturday":"Sat","sunday":"Sun"},"months":{"january":"January","february":"February","march":"March","april":"April","may":"May","june":"June","july":"July","august":"August","september":"September","october":"October","november":"November","december":"December"},"firstDay":1,"iconText":"Select date"}}; var gf_global = {"gf_currency_config":{"name":"U.S. Dollar","symbol_left":"$","symbol_right":"","symbol_padding":"","thousand_separator":",","decimal_separator":".","decimals":2,"code":"USD"},"base_url":"https:\/\/securelist.com\/wp-content\/plugins\/gravityforms","number_formats":[],"spinnerUrl":"https:\/\/securelist.com\/wp-content\/plugins\/gravityforms\/images\/spinner.svg","strings":{"newRowAdded":"New row added.","rowRemoved":"Row removed","formSaved":"The form has been saved. The content contains the link to return and complete the form."}}; var gf_legacy_multi = {"11":""}; var gf_global = {"gf_currency_config":{"name":"U.S. Dollar","symbol_left":"$","symbol_right":"","symbol_padding":"","thousand_separator":",","decimal_separator":".","decimals":2,"code":"USD"},"base_url":"https:\/\/securelist.com\/wp-content\/plugins\/gravityforms","number_formats":[],"spinnerUrl":"https:\/\/securelist.com\/wp-content\/plugins\/gravityforms\/images\/spinner.svg","strings":{"newRowAdded":"New row added.","rowRemoved":"Row removed","formSaved":"The form has been saved. The content contains the link to return and complete the form."}}; var gf_legacy_multi = {"11":""}; var gf_global = {"gf_currency_config":{"name":"U.S. Dollar","symbol_left":"$","symbol_right":"","symbol_padding":"","thousand_separator":",","decimal_separator":".","decimals":2,"code":"USD"},"base_url":"https:\/\/securelist.com\/wp-content\/plugins\/gravityforms","number_formats":[],"spinnerUrl":"https:\/\/securelist.com\/wp-content\/plugins\/gravityforms\/images\/spinner.svg","strings":{"newRowAdded":"New row added.","rowRemoved":"Row removed","formSaved":"The form has been saved. The content contains the link to return and complete the form."}}; var gf_legacy_multi = {"11":""}; /* ]]> */ </script> <script type="text/javascript" defer='defer' src="https://securelist.com/wp-content/plugins/gravityforms/js/gravityforms.min.js?ver=2.5.16.3" id="gform_gravityforms-js"></script> <script type="text/javascript" defer='defer' src="https://securelist.com/wp-content/plugins/gravityforms/js/placeholders.jquery.min.js?ver=2.5.16.3" id="gform_placeholder-js"></script> <script type="text/javascript"> /* <![CDATA[ */ gform.initializeOnLoaded( function() { jQuery(document).on('gform_post_render', function(event, formId, currentPage){if(formId == 11) {if(typeof Placeholders != 'undefined'){ Placeholders.enable(); }} } );jQuery(document).bind('gform_post_conditional_logic', function(event, formId, fields, isInit){} ) } ); /* ]]> */ </script> <script type="text/javascript"> /* <![CDATA[ */ gform.initializeOnLoaded( function() { jQuery(document).trigger('gform_post_render', [11, 1]) } ); /* ]]> */ </script> </body> </html>