Daily Threat Report: French Financial Sector
French financial institutions face active threats from financially motivated and nation-state actors leveraging phishing infrastructure, unpatched vulnerabilities, and known C2 endpoints. Immediate action is required to block active IOCs and hunt for compromise across endpoint and network telemetry.
FIN7 Active C2 Infrastructure Targeting Financial Sector
Severity: CRITICAL. Threat actor: FIN7.
FIN7, a highly sophisticated financially motivated threat actor, is actively leveraging C2 infrastructure to conduct campaigns against financial institutions in Europe, including France. Their toolset includes CARBANAK and other banking malware capable of large-scale fraud and data exfiltration.
Lazarus Group Cryptocurrency and Banking Phishing Campaign
Severity: CRITICAL. Threat actor: Lazarus Group.
The Lazarus Group, a North Korean state-sponsored actor, is conducting phishing campaigns using cryptocurrency- and banking-themed lure pages targeting financial sector employees to steal credentials and deploy implants. IPFS-hosted phishing infrastructure and crypto-themed lure pages are actively in use.
TA505 Exploitation of ConnectWise ScreenConnect and cPanel Vulnerabilities
Severity: HIGH. Threat actor: TA505.
TA505, known for large-scale financial malware distribution including Dridex and FlawedAmmyy, is actively exploiting vulnerabilities in ConnectWise ScreenConnect and cPanel/WHM, as highlighted in recent CISA advisories, to gain initial access to financial sector networks. Linux kernel vulnerabilities are also being leveraged for privilege escalation post-compromise.