FIN6
High ConfidenceMedium ThreatSkeleton Spider • ITG08 • Magecart Group 6
FIN6 is a financially motivated cybercrime group that has been active since at least 2015, initially focusing on stealing payment card data from point-of-sale systems in retail and hospitality sectors. The group has since evolved to include ransomware deployment, using Ryuk and LockerGoga in their operations. FIN6 is known for their methodical approach, often spending months inside victim networks conducting reconnaissance before monetizing their access. They have stolen millions of payment card records and caused significant financial damage through ransomware attacks.
FIN6 is a financially motivated cybercrime group that has been active since at least 2015, initially focusing on stealing payment card data from point-of-sale systems in retail and hospitality sectors. The group has since evolved to include ransomware deployment, using Ryuk and LockerGoga in their operations. FIN6 is known for their methodical approach, often spending months inside victim networks conducting reconnaissance before monetizing their access. They have stolen millions of payment card records and caused significant financial damage through ransomware attacks.
Target Sectors
Target Regions
Attributed to Cybercriminal (No State Sponsor) (Unknown). Attribution confidence: High.
Future Outlook
FIN6 is expected to continue operations targeting Retail sectors.
First observed activity of FIN6
Continued active operations