nick
By Stimson's postulate, I'm no gentleman. Senior Manager @Mandiant #AdvancedPractices
Feb 11, 2019 9 tweets 4 min read
Although #FIN10 achieved some success targeting the 🇨🇦 casino and mining industry, @FireEye hasn't discussed the actor much since the June 2017 blog article fireeye.com/blog/threat-re…, because, well… the techniques are a bit abecedarian. (h/t thesaurus.com).

FIN10 has gone from targeting those industries, stealing PII and extorting victims for BTC, to posting particularly lame, decimal-encoded phishing lures to Canadian stock market forums, directing victims to EMPIRE downloads. Decimal-encoded URLs are a consistent FIN10 TTP.
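A detection sketch for the decimal-encoded URL TTP mentioned above, added here as an example; it is not code from the thread or from FireEye. The thread does not say which decimal form the lures used, so the example assumes two common ones (runs of decimal character codes, and a dotless decimal IPv4 host); the function names and sample text are constructed.

```python
import ipaddress
import re
from urllib.parse import urlsplit

URL_RE = re.compile(r"https?://[^\s\"'<>]+", re.I)
# Assumed form 1: eight or more decimal character codes, written as HTML
# numeric entities (&#104;&#116;...) or separated by spaces/commas.
ENTITY_RUN = re.compile(r"(?:&#\d{2,3};){8,}")
CODE_RUN = re.compile(r"\b\d{2,3}(?:[ ,]+\d{2,3}){7,}\b")

# Constructed forum post: one char-code URL and one dotless-IP URL.
SAMPLE = ("great pick! see 104 116 116 112 58 47 47 101 120 97 109 112 108 "
          "101 46 116 101 115 116 47 97 and http://3221225994/x")

def decode_codes(run):
    """Turn a run of decimal codes into text if every code is printable ASCII."""
    codes = [int(n) for n in re.findall(r"\d+", run)]
    if all(32 <= c < 127 for c in codes):
        return "".join(map(chr, codes))
    return None

def dotless_host(url):
    """Assumed form 2: host is a single 32-bit integer, e.g. http://3221225994/."""
    host = urlsplit(url).hostname or ""
    if host.isdigit() and int(host) < 2**32:
        return str(ipaddress.IPv4Address(int(host)))
    return None

def find_decimal_urls(text):
    """Return (kind, raw_match, decoded) for each decimal-encoded URL found."""
    findings = []
    for m in list(ENTITY_RUN.finditer(text)) + list(CODE_RUN.finditer(text)):
        decoded = decode_codes(m.group())
        # Only report runs that actually decode to a URL, not price tables.
        if decoded and URL_RE.match(decoded):
            findings.append(("char-codes", m.group(), decoded))
    for m in URL_RE.finditer(text):
        ip = dotless_host(m.group())
        if ip:
            findings.append(("dotless-ip", m.group(), ip))
    return findings

if __name__ == "__main__":
    for kind, raw, decoded in find_decimal_urls(SAMPLE):
        print(f"{kind}: {raw[:40]} -> {decoded}")
```

Runs of numbers that do not decode to printable ASCII beginning with a URL scheme are ignored, which keeps ordinary price or volume figures in stock-forum posts from alerting.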