MILPITAS, Calif.–A relatively unknown cybercrime group has hacked numerous organizations to steal as many as 20 million payments cards worth as much as $400 million in underground cybercrime sales, according to a new report from FireEye, which provides cybersecurity.
FireEye has dubbed the group FIN6, and said it has been selling the stolen credit card data on “darknet carder forums” to people who then use payment card data to commit fraud.
FireEye said what separates the FIN6 hackers from others is how quickly it comes to market with the stolen credentials, which in turn allows it to get a higher price. The most valuable card numbers, of course, are those not yet known to be stolen.
The top targets of the FIN6 hackers, according to FireEye, have been the hospitality and retail industries, which have been primarily hit with spear-phishing attacks in which they directly hack into the targeted organization using malware. FireEye said FIN6 tends to use malware known as Trinity or FrameworkPOS. In many cases the penetration takes place and is over before victims even know it has occurred.
FireEye said it believes the group is operating from Eastern Europe.