FIN7 Morphs into a Broader, More Dangerous Cybercrime Group

New research shows the notorious cybercrime group FIN7 to be behind numerous clusters of previously unattributed threat activity spanning several years and targeting organizations in multiple regions and industries.

The study by Mandiant shows that the threat actor has shifted from mostly targeting the retail and hospitality sectors to aiming at organizations across a considerably broader range of industries using a wider range of weapons than before.

In the process, FIN7’s motivations have evolved as well, from mainly stealing payment card data to now deploying ransomware, ransomware-enabling operations, and double extortion attacks. FIN7 has also introduced new attack tools and has begun using supply chain attacks and stolen credentials, in addition to its original phishing techniques, to gain initial access to target networks.
