FIN7 is an international cybercrime organization, apparently based in Russia, that has earned more than $1 billion. Some members were arrested in 2018, but as of 2020 the group is still going strong. According to security researchers, FIN7 is nothing special from a technical point of view. For example, its attacks are classic phishing attacks, and the tools it uses are reused general-purpose malware.
FIN7 does not have advanced technology, yet it has succeeded well enough to earn more than $1 billion because its project management is groundbreaking enough to be regarded as innovation. The researchers point to its sophisticated talent management and business processes. FIN7 gathers its workforce through fake companies. Core members recruit by posing as a security company, and prospective recruits are even interviewed over the business chat tool HipChat.
The recruited workforce is put to work in an effective cybercrime process that is applied to various companies and organizations and that earns money for the group through monetization templates. After selecting a target organization, the group finds potential weaknesses in it and sends e-mails to the relevant personnel to plant a Trojan horse. In this way it builds a surveillance network. It then identifies financial transactions, such as access to the target's business accounts or stores. Funds are withdrawn from the accounts, and the collected data is obtained through the network. Finally, the obtained financial data is sold.
Because this series of criminal processes is stable, FIN7 can extract value from any victim. In this way, FIN7 builds and manages a portfolio of victims that can be exploited. It manages the portfolio in units of projects, each made up of a victim and the people who attack it. Each project includes information about the victim, has a person in charge assigned, and holds data taken from the victim. Progress across the portfolio built in this way was tracked with the project management software JIRA.
In addition, the fact that FIN7's technical prowess is not particularly high is itself an advantage: its revenue does not depend on the technical capabilities of individual members.
Based on these research results, FIN7's innovations can be summarized as follows. It has shifted from technology-driven innovation to business-based innovation, which makes highly reproducible and adaptable crimes possible. It manages a portfolio to scale the process and uses project management software to manage victims en masse. It cultivates the ability to carry out projects at the same time and secures fine-grained role-sharing, structure, and manpower. It also supports a development environment that incorporates DevOps and agility.