FireEye – Mandiant

FireEye is the intelligence-led security company. If you’ve read about a major breach in the headlines there’s a high likelihood FireEye was on the frontlines responding to it – along with many more that you never heard about. We are on the frontlines of cyber-attacks every day, and our real-time knowledge of the threat landscape guides us as we build our products, produce threat intelligence, and arm our
services teams to prepare for, respond to, and prevent breaches. We help secure our customers through a unique innovation cycle. Our product teams build solutions based on world-class threat expertise provided by our frontline teams and our frontline experts
harden the technology on the front lines to provide the best line of defence in cyber security. We use this innovation cycle to create the most effective cyber defence platform – a seamless, on-demand extension of our customers’ security operations.

Mandiant Threat Intelligence recently promoted a threat cluster to a named FIN (or financially motivated) threat group for the first time since 2017. We have detailed FIN11’s various tactics, techniques and procedures in a report that you can download on this page.

In some ways, FIN11 is reminiscent of APT1; they are notable not for their sophistication, but for their sheer volume of activity. There are significant gaps in FIN11’s phishing operations, but when active, the group conducts up to five high-volume campaigns a week. While many financially motivated threat groups are short lived, FIN11 has been conducting these widespread phishing campaigns since at least 2016. From 2017 through 2018, the threat group primarily targeted organisations in the financial, retail, and hospitality sectors. However, in 2019 FIN11’s targeting expanded to include a diverse set of sectors and geographic regions. At this point, it would be difficult to name a client that FIN11 hasn’t targeted.

By downloading this report, you’ll be arming yourself with some frontline knowledge of how this group operate, providing your team with some invaluable insight around how to avoid becoming this prolific threat group’s latest victim.