Cyber Resilience

Threat actor · all actors

FIN7G0046 unknown

aka FIN7, GOLD NIAGARA, ITG14, Carbon Spider, ELBRUS, Sangria Tempest

Last updated: 2026-07-03

1attributed CVEs
93ATT&CK techniques
1.2IDF score (tooling uniqueness)
0exclusive CVEs
2026years active

About this actor

[FIN7](https://attack.mitre.org/groups/G0046) is a financially-motivated threat group that has been active since 2013. [FIN7](https://attack.mitre.org/groups/G0046) has targeted the retail, restaurant, hospitality, software, consulting, financial services, medical equipment, cloud services, media, food and beverage, transportation, pharmaceutical, and utilities industries in the United States. A portion of [FIN7](https://attack.mitre.org/groups/G0046) was operated out of a front company called Combi Security and often used point-of-sale malware for targeting efforts. Since 2020, [FIN7](https://attack.mitre.org/groups/G0046) shifted operations to big game hunting (BGH), including use of [REvil](https://attack.mitre.org/software/S0496) ransomware and their own Ransomware-as-a-Service (RaaS), Darkside. FIN7 may be linked to the [Carbanak](https://attack.mitre.org/groups/G0008) Group, but multiple threat groups have been observed using [Carbanak](https://attack.mitre.org/software/S0030), leading these groups to be tracked separately.(Citation: FireEye FIN7 March 2017)(Citation: FireEye FIN7 April 2017)(Citation: FireEye CARBANAK June 2017)(Citation: FireEye FIN7 Aug 2018)(Citation: CrowdStrike Carbon Spider August 2021)(Citation: Mandiant FIN7 Apr 2022)(Citation: BiZone Lizar May 2021)

Source: MITRE ATT&CK

Activity timeline

Profile

CVERiskCVSSEPSSPublishedProducts
CVE-2026-20929 5.57.50.01142026-01-13see CVE

Mitigating controls (NIST 800-53)

ControlTechniques coveredCoverage
SI-454 / 9358%
CM-651 / 9355%
CM-247 / 9351%
SI-343 / 9346%
CM-741 / 9344%
AC-338 / 9341%
AC-636 / 9339%
CA-736 / 9339%
AC-233 / 9335%
SI-728 / 9330%
SC-725 / 9327%
AC-424 / 9326%
CM-524 / 9326%
IA-222 / 9324%
RA-522 / 9324%

Co-occurring actors

Similar actors

Similar TTPs

Overlapping CVEs