Hackers sell Security Evasion Tool on darknet to other groups

July 17, 2024

TLDR:

  • FIN7 hackers are selling their security evasion tool, AvNeutralizer, to other criminal groups on darknet forums.
  • The tool has been used by various ransomware groups and has been continuously updated to bypass security systems.

A notorious cybercriminal group known as FIN7 has been found selling its custom security evasion tool, AvNeutralizer, to other criminal gangs on darknet forums. Researchers have observed multiple ransomware groups using the tool, indicating a wider customer base than previously thought. Developed in April 2022, the tool targets specific security systems chosen by the buyers and has been used in intrusions involving ransomware strains such as AvosLocker, MedusaLocker, and others, causing significant financial losses across various industries. The latest version of AvNeutralizer includes a new method for bypassing security systems that uses a built-in Windows driver, making it harder to detect. FIN7’s development and commercialization of such specialized tools on criminal underground forums increases the group’s impact and makes attribution more challenging, demonstrating its advanced operational strategies.
