ITG08 (aka FIN6) Partners With TrickBot Gang, Uses Anchor Framework

The past two years have borne witness to the increasing collaboration between organized cybercrime groups to avoid duplication of efforts and maximize profits. Although this collaboration has primarily occurred between gangs developing and distributing well-known banking Trojans, such as Emotet, TrickBot and IcedID, it does not stop there. In a new and dangerous twist to this trend, IBM X-Force Incident Response and Intelligence Services (IRIS) research believes that the elite cybercriminal threat actor ITG08, also known as FIN6, has partnered with the malware gang behind one of the most active Trojans — TrickBot — to use TrickBot’s new malware framework dubbed “Anchor” against organizations for financial profit.


The Anchor malware framework itself is not new, and its origins date back to at least 2018. It appears to be tightly connected to TrickBot and is likely programmed by the same malware authors who work on TrickBot. Cybersecurity firms SentinelOne and Cybereason have published reports in recent months describing Anchor as new malware developed by the TrickBot gang for use in targeted attacks against enterprises, including a new PowerShell-based backdoor called PowerTrick.


ITG08 and TrickBot — A Loaded Duo


ITG08/FIN6 is an organized cybercrime gang that has been active since 2015, primarily targeting point-of-sale (POS) machines in brick-and-mortar retailers and companies in the hospitality sector across the U.S. and Europe. TrickBot is a banking Trojan that emerged in 2016 and has since grown to be one of the top, and most sophisticated, Trojans being used by organized cybercrime gangs believed to be hailin ..
