FIN7 (aka ELBRUS, ITG14) · APT Atlas
FIN7
CRIME
RU · Russia
AKA: ELBRUS · ITG14 · Calcium
CrowdStrike: CARBON SPIDER
Kaspersky: Carbanak
Microsoft: Sangria Tempest
Secureworks: GOLD NIAGARA
Targets: 25
Sectors: 18
Threat types: 2
GIRs covered: 0/480
Active since: 2013
Victimology
Geographic footprint · 25 countries
origin · Russia
targeted countries · 25
ASIA · 8: United Arab Emirates · Hong Kong · Japan · South Korea · Lebanon · Qatar · Thailand · Yemen
AMERICAS · 5: Argentina · Brazil · Chile · Colombia · Jamaica
OCEANIA · 1: Australia
EUROPE · 9: Belgium · Bulgaria · Czechia · France · United Kingdom · Greece · Ireland · Norway · Romania
AFRICA · 2: Egypt · South Africa
Sectors targeted · 18 of 40
Government · 83 actors
Aerospace · 49 actors
Financial Services · 61 actors
Retail & Hospitality · 25 actors
NGOs & Dissidents · 47 actors
Energy / Utilities · 49 actors
Oil and Gas · 19 actors
Education & Research · 50 actors
Manufacturing (man) · 40 actors
Transportation · 25 actors
Logistics · 18 actors
Hospitality · 26 actors
Transport & Logistics · 6 actors
Legal & Professional · 13 actors
Consulting / Professional Services · 26 actors
Chemicals · 15 actors
Consumer Goods / Electronics · 16 actors
Agriculture & Food · 15 actors
Tactics, techniques, procedures
Threat types + MITRE ATT&CK mapping

THREAT TYPES
FIN · Financial Fraud
RAN · Ransomware

MITRE ATT&CK · 52 techniques

Reconnaissance · 2
T1591 Gather Victim Org Information
T1591.004 Identify Roles

Resource Development · 2
T1583.006 Web Services
T1608.005 Link Target

Initial Access · 4
T1190 Exploit Public-Facing Application
T1195.002 Compromise Software Supply Chain
T1566.001 Spearphishing Attachment
T1566.002 Spearphishing Link

Execution · 9
T1047 Windows Management Instrumentation
T1053.005 Scheduled Task
T1059 Command and Scripting Interpreter
T1059.001 PowerShell
T1059.003 Windows Command Shell
T1059.005 Visual Basic
T1059.007 JavaScript
T1204.001 Malicious Link
T1674 Input Injection

Persistence · 2
T1543.003 Windows Service
T1547.001 Registry Run Keys / Startup Folder

Credential Access · 1
T1558.003 Kerberoasting

Discovery · 3
T1033 System Owner/User Discovery
T1057 Process Discovery
T1124 System Time Discovery

Lateral Movement · 5
T1021.001 Remote Desktop Protocol
T1021.004 SSH
T1021.005 VNC
T1091 Replication Through Removable Media
T1210 Exploitation of Remote Services

Collection · 3
T1005 Data from Local System
T1113 Screen Capture
T1125 Video Capture

Exfiltration · 1
T1567.002 Exfiltration to Cloud Storage

Impact · 1
T1486 Data Encrypted for Impact

Command And Control · 6
T1008 Fallback Channels
T1071.004 DNS
T1102.002 Bidirectional Communication
T1105 Ingress Tool Transfer
T1219 Remote Access Tools
T1571 Non-Standard Port

Defense Impairment · 1
T1686 Disable or Modify System Firewall

Stealth · 12
T1027.010 Command Obfuscation
T1036.004 Masquerade Task or Service
T1036.005 Match Legitimate Resource Name or Location
T1078 Valid Accounts
T1078.003 Local Accounts
T1140 Deobfuscate/Decode Files or Information
T1218.005 Mshta
T1218.011 Rundll32
T1497.002 User Activity Based Checks
T1564.001 Hidden Files and Directories
T1564.003 Hidden Window
T1620 Reflective Code Loading

GIR coverage
0 / 480 requirements satisfied
No GIRs mapped yet for this actor.

Related actors
By origin and actor type
APT28 · nation-state · Russia · 0 targets · since 2007
APT44 · nation-state · Russia · 25 targets · since 2009
FIN2 · cybercrime · unattributed · 0 targets · since —
FIN3 · cybercrime · unattributed · 1 targets · since —
FIN6 · cybercrime · Russia · 15 targets · since 2014
FIN10 · cybercrime · unattributed · 1 targets · since 2013