ETDA (Electronic Transactions Development Agency)

Threat Group Cards: A Threat Actor Encyclopedia

APT group: FIN12

Names: FIN12 (Mandiant)
Motivation: Financial crime, Financial gain
First seen: 2018
Description: (Mandiant) Today, Mandiant Intelligence is releasing a comprehensive report detailing FIN12, an aggressive, financially motivated threat actor behind prolific ransomware attacks since at least October 2018. FIN12 is unique among many tracked ransomware-focused actors today because they do not typically engage in multi-faceted extortion and have disproportionately impacted the healthcare sector. They are also the first FIN actor that we are promoting who specializes in a specific phase of the attack lifecycle—ransomware deployment—while relying on other threat actors for gaining initial access to victims. This specialization reflects the current ransomware ecosystem, which is comprised of various loosely affiliated actors partnering together, but not exclusively with one another.
Observed sectors: Education, Financial, Healthcare, Manufacturing, Technology.
Observed countries: Australia, Canada, Colombia, France, Indonesia, Ireland, Philippines, South Korea, Spain, UAE, UK, USA.
Tools used: BazarBackdoor, Cobalt Strike, TrickBot.

Last change to this card: 02 November 2021
