FIN7 is spreading malware via deepfake nude generator sites - #FIN7
Recent reports indicate that the cyberespionage group Earth Baxia has been targeting government organizations and industries across the Asia-Pacific (APAC) region, particularly in Taiwan, by exploiting CVE-2024-36401, a critical remote code execution vulnerability in GeoServer. The campaigns combine spear-phishing emails with post-exploitation tooling such as Cobalt Strike and a custom backdoor, EAGLEDOOR, that can fall back between several command-and-control protocols, so blocking a single channel does not cut off the implant. The group hosts its malicious payloads on public cloud services, which blends the downloads into legitimate traffic and makes them harder to trace and block. Its use of GrimResource (abuse of Microsoft Management Console .msc files to run attacker-controlled code) and AppDomainManager injection (pointing a legitimate .NET executable at an attacker-supplied assembly through its .config file or environment) further complicates detection and response, since both techniques launch malicious code through trusted, signed Windows binaries. Separate reports describe the FIN7 cybercriminal organization distributing malware through AI-powered deepfake nude generator sites. These campaigns underscore the need for prompt patching of internet-facing services such as GeoServer, continuous threat monitoring, and international cooperation in cybersecurity defense.
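One concrete check a defender can run against the AppDomainManager injection technique mentioned above is to look for the configuration that enables it. On the .NET Framework, an `<appDomainManagerAssembly>` / `<appDomainManagerType>` pair under `<configuration><runtime>` in a program's `.exe.config`, or the `APPDOMAIN_MANAGER_ASM` / `APPDOMAIN_MANAGER_TYPE` environment variables, make the runtime load the named assembly before the program's own code runs; ordinary desktop applications almost never set them. The scanner below is an added example written for this page, not code from the cited reports or from any vendor; the two sample config documents and the names `Updater.exe.config`, `Viewer.exe.config`, `Loader` and `Loader.Entry` are constructed for illustration.

```python
import os
import xml.etree.ElementTree as ET

# <configuration><runtime> elements that tell the .NET Framework loader to
# instantiate a custom AppDomainManager before the host program's entry point.
# Pointing them at an attacker-supplied assembly is the core of the technique.
APPDOMAIN_ELEMENTS = ("appDomainManagerAssembly", "appDomainManagerType")

# Environment variables that achieve the same redirection without a config file.
APPDOMAIN_ENV_VARS = ("APPDOMAIN_MANAGER_ASM", "APPDOMAIN_MANAGER_TYPE")


def find_appdomainmanager(config_xml: str) -> dict:
    """Return {element: value} for every AppDomainManager redirection found in
    a .exe.config document, or {} when the file declares none."""
    root = ET.fromstring(config_xml)
    hits = {}
    for runtime in root.iter("runtime"):
        for child in runtime:
            tag = child.tag.rsplit("}", 1)[-1]  # drop any XML namespace prefix
            if tag in APPDOMAIN_ELEMENTS:
                hits[tag] = child.get("value", "")
    return hits


def env_redirection(environ: dict) -> dict:
    """Return the AppDomainManager environment overrides present in `environ`."""
    return {k: environ[k] for k in APPDOMAIN_ENV_VARS if k in environ}


def scan_configs(configs: dict) -> dict:
    """Map each config name that needs attention to what was found: the
    AppDomainManager elements, or a parse error for a file that is not valid XML
    (a broken config beside a .NET binary is itself worth a manual look)."""
    findings = {}
    for name, xml_text in configs.items():
        try:
            hits = find_appdomainmanager(xml_text)
        except ET.ParseError as exc:
            findings[name] = {"parse_error": str(exc)}
            continue
        if hits:
            findings[name] = hits
    return findings


# Constructed sample inputs (not real files from any report).
BENIGN_CONFIG = """<configuration>
  <startup>
    <supportedRuntime version="v4.0" sku=".NETFramework,Version=v4.8" />
  </startup>
  <runtime>
    <gcServer enabled="true" />
  </runtime>
</configuration>"""

SUSPECT_CONFIG = """<configuration>
  <runtime>
    <appDomainManagerAssembly value="Loader, Version=1.0.0.0, Culture=neutral, PublicKeyToken=null" />
    <appDomainManagerType value="Loader.Entry" />
  </runtime>
</configuration>"""

if __name__ == "__main__":
    samples = {"Updater.exe.config": BENIGN_CONFIG, "Viewer.exe.config": SUSPECT_CONFIG}
    for name, finding in scan_configs(samples).items():
        print(name, finding)
    print("env overrides:", env_redirection(dict(os.environ)))
```

In practice you would feed `scan_configs` the contents of every `*.exe.config` next to a .NET Framework executable (user-writable directories first, since the technique needs the attacker to drop a config beside a legitimate binary) and `env_redirection` the environment of running processes. The config and environment variable names apply to the .NET Framework; .NET Core and later do not honour them, so a hit there is even less explicable.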