Hacking group FIN7 has been distributing its new endpoint detection and response evasion tool "AvNeutralizer" across several cybercrime forums to help bolster the stealthiness of ransomware operations, SC Media reports.
AvNeutralizer has already been leveraged in attacks by the BlackBasta ransomware gang, which was previously associated with FIN7, an analysis from SentinelLabs revealed.
Such a transition to providing AvNeutralizer was noted by cybersecurity experts to be indicative of the continuous evolution of FIN7, which initially dabbled in financial point-of-sale malware in 2012 before moving to ransomware intrusions eight years later.
"They are very innovative, pivoting quickly when too much attention is directed toward them, changing their persona on a dime. This contrasts with other threat actors we encounter that make a lot of noise, but do not pivot and go underground when the heat is turned up — most are brazen and crave the attention. FIN7 is methodical and realizes quickly that they must change directions before authorities zero-in on them," said Fenix24 co-founder Heath Renfrow.