Request a Demo Contact Us


FIN7 is a threat actor group that targets US hospitality, restaurant, and retail industries by compromising the target's point-of-sale equipment.

FIN7 is a threat actor group that has heavily targeted the United States hospitality, restaurant, and retail industries. They are known for compromising point-of-sale equipment with their software tools and malware. In 2020 FIN 7 increased the use of REvil ransomware in conjunction with their ransomware as a service called Darkside. They have also been known to use the Carbanak malware and are known today as FIN7, Carbanak, and Cobalt Group.

New research from Mandiant shows that FIN7 may be behind numerous groups of previously unattributed threat activity targeting organizations in many geographies and industries. In addition, the study suggests that FIN7 targets a wide range of industries using a more extensive mix of cyber weaponry than observed in the past.

In the early days of FIN7’s notoriety, they primarily stole payment card data. Today they are behind large ransomware, ransomware as a service, and other extortion-oriented attacks. To put this in context, the group may have stolen over $1 billion relating to stolen credit and debit card data. Additionally, FIN7 has been observed to attack thousands of point-of-sale terminals over time. FIN7’s victims have included well-known brands such as Chipotle Mexican Grill, Arby’s, Saks Fifth Avenue, and Hudson Bay Brands.

FIN7 has taken a few blows from law enforcement. In 2018 several members of FIN7 were arrested by the FBI, and some were sentenced to 10 years in prison. Nonetheless, the group has continued to grow and is estimated to have dozens of active members now.

Early on, FIN7 utilized phishing campaigns to deliver Loadout, Carbanak, or Griffon downloaders to the targeted networks. FIN7 has evolved to use stolen credentials for initial access. FIN7 has also tried to deploy malware tools directly onto a victim’s network. FIN7 uses Powerplant, a multifunction backdoor, and Beacon, which provides additional access within compromised networks.


Want to learn more? Check out our FREE Bugcrowd University to sharpen your hacking skills.

Organizations the world over need your help! Join our researcher community to connect with hundreds of organization programs focused on finding their security vulnerabilities. Our vast directory includes programs for all skill levels across many industries and from around the world.

Get started with Bugcrowd

Hackers aren’t waiting, so why should you? See how Bugcrowd can quickly improve your security posture.