Disclosures:
Professional Reviews

The reviews found on WizCase consist of evaluations conducted by community reviewers. These assessments take into account the reviewers' unbiased and knowledgeable analysis of the products and services being reviewed.

Ownership

WizCase is a leading cybersecurity review website with a team of experts experienced in testing and evaluating VPNs, antiviruses, password managers, parental controls, and software tools. Our reviews are available in 29 languages, making them accessible to a broad audience since 2018. To further support our readers in their pursuit of online security, we've partnered with Kape Technologies PLC, which owns popular products like ExpressVPN, CyberGhost, ZenMate, Private Internet Access, and Intego, all of which may be reviewed on our website.

Affiliate Commissions

Wizcase contains reviews that follow the strict reviewing standards, including ethical standards, that we have adopted. Such standards require that each review will take into consideration the independent, honest, and professional examination of the reviewer. That being said, we may earn a commission when a user completes an action using our links, at no additional cost to them. On listicle pages, we rank vendors based on a system that prioritizes the reviewer’s examination of each service, but also considers feedback received from our readers and our commercial agreements with providers.

Review Guidelines

The reviews published on WizCase are written by community reviewers that examine the products according to our strict reviewing standards. Such standards ensure that each review prioritizes the independent, professional, and honest examination of the reviewer, and takes into account the technical capabilities and qualities of the product together with its commercial value for users. The rankings we publish may also take into consideration the affiliate commissions we earn for purchases through links on our website.

News Heading

Ex-Conti and FIN7 Cybercrime Gangs Unite to Launch Domino Malware

Ari Denial
Published by Ari Denial on April 19, 2023

In what appears to be a coordinated effort between the FIN7 and Ex-Conti cybercrime gangs, a newly developed malware strain called “Domino” has emerged.

This collaboration suggests that the two groups have joined forces, with the now-defunct Conti ransomware gang using the malware. Domino’s primary purpose is to aid in subsequent exploitation of compromised systems, and it includes an information stealer that has been available for purchase on the dark web since December 2021, but not widely known.

According to a recently released IBM report, the FIN7 hacking group, which has connections to numerous types of malware as well as the BlackBasta and DarkSide ransomware operations, was responsible for developing the Domino malware.

IBM researchers have discovered that the ‘Dave Loader’ malware loader has been linked to former members of the Conti ransomware and TrickBot groups, deploying Cobalt Strike beacons and Emotet.

However, recently it has been observed installing the new ‘Domino’ malware family, which includes a backdoor and an embedded .NET info-stealer called ‘Nemesis Project.’ The researchers speculate that the backdoor may download more sophisticated malware like Cobalt Strike for high-value targets.

Threat actors often collaborate with other groups to distribute malware and gain initial access to corporate networks, with ransomware gangs like REvil, Maze, and Conti relying on the likes of TrickBot and Emotet. With the disbanding of Conti, smaller cells have emerged, including BlackBasta, LockBit, and Quantum. IBM has linked the Domino malware family to FIN7, as it shares a code overlap with Lizar, and a loader named ‘NewWorldOrder’ was used to distribute the malware.

The Dave Loader malware, associated with TrickBot/Conti, has been observed pushing the Domino malware, linked to FIN7, which then deploys Project Nemesis or Cobalt Strike beacons associated with ex-Conti ransomware activity. This complicated partnership among threat actors creates challenges for defenders who need to address multiple malware strains that enable remote access to networks.

Did you like this article? Rate it!
I hated it I don't really like it It was ok Pretty good! Loved it!
0 Voted by 0 users
Title
Comment
Thanks for your feedback