FIN6 is a cybercrime group whose primary focus is POS systems. According to a report published by FireEye researchers, the attackers infected nearly 2,000 POS terminals and stole around 20 million credit card numbers.
According to the report, FIN6 apparently bought access credentials to already-compromised networks and used them to deploy malware to point-of-sale systems. The entire business model looks like this:
The group used the Metasploit Framework to exploit known vulnerabilities (CVE-2013-3660, CVE-2011-2005 and CVE-2010-4398) and elevate privileges on compromised systems. They then installed backdoors to gain full control of the infected network.
POS systems were infected with the FrameworkPOS Trojan (tracked as TRINITY by FireEye), which was used to copy card data and transfer it to the attackers.
The cards were sold on an underground forum for $21 per record. Given the number of cards stolen over several years, the criminals could have made up to $400 million in total.
The original report is available here.