FIN6 (aka ITG08, MageCart Group 6) · APT Atlas
FIN6
CRIME
RU · Russia
AKA: ITG08 · MageCart Group 6 · TAAL
CrowdStrike: Skeleton Spider
Microsoft: Camouflage Tempest
Targets: 15
Sectors: 2
Threat types: 1
GIRs covered: 0/480
Active since: 2014
Victimology
Geographic footprint · 15 countries
origin · Russia
targeted countries · 15
AMERICAS · 5: Canada · Chile · Colombia · United States · British Virgin Islands
EUROPE · 5: Switzerland · Spain · France · United Kingdom · Ireland
ASIA · 5: China · India · South Korea · Philippines · Singapore
Sectors targeted · 2 of 40
Retail & Hospitality · 25 actors
Hospitality · 26 actors
Tactics, techniques, procedures
Threat types + MITRE ATT&CK mapping
THREAT TYPES
FIN · Financial Fraud
MITRE ATT&CK · 31 techniques
Initial Access · 2
T1566.001 · Spearphishing Attachment
T1566.003 · Spearphishing via Service
Execution · 6
T1047 · Windows Management Instrumentation
Persistence · 1
Privilege Escalation · 1
T1068 · Exploitation for Privilege Escalation
Credential Access · 4
T1003.001 · LSASS Memory
Discovery · 2
T1018 · Remote System Discovery
T1046 · Network Service Discovery
Lateral Movement · 1
T1021.001 · Remote Desktop Protocol
Collection · 4
T1005 · Data from Local System
T1119 · Automated Collection
T1560 · Archive Collected Data
Exfiltration · 1
T1048.003 · Exfiltration Over Unencrypted Non-C2 Protocol
Command And Control · 3
T1095 · Non-Application Layer Protocol
T1102 · Web Service
Defense Impairment · 1
T1685 · Disable or Modify Tools
Stealth · 5
T1027.010 · Command Obfuscation
T1036.004 · Masquerade Task or Service
GIR coverage
0 / 480 requirements satisfied
No GIRs mapped yet for this actor.
Related actors
By origin and actor type
APT28 · nation-state · Russia · 0 targets · since 2007
APT44 · nation-state · Russia · 25 targets · since 2009
FIN2 · cybercrime · unattributed · 0 targets · since —
FIN3 · cybercrime · unattributed · 1 targets · since —
FIN10 · cybercrime · unattributed · 1 targets · since 2013
FIN13 · cybercrime · unattributed · 4 targets · since 2013
T1053.005 · Scheduled Task
T1059 · Command and Scripting Interpreter
T1059.001 · PowerShell
T1059.003 · Windows Command Shell
T1059.007 · JavaScript
T1547.001 · Registry Run Keys / Startup Folder
T1003.003 · NTDS
T1555 · Credentials from Password Stores
T1555.003 · Credentials from Web Browsers
T1560.003 · Archive via Custom Method
T1573.002 · Asymmetric Cryptography
T1070.004 · File Deletion
T1078 · Valid Accounts
T1134 · Access Token Manipulation