Threat actor · all actors
FIN8G0061 unknown
aka FIN8, Syssphinx, ATK113, G0061
Last updated: 2026-07-03
0attributed CVEs
56ATT&CK techniques
0.0IDF score (tooling uniqueness)
0exclusive CVEs
—years active
About this actor
[FIN8](https://attack.mitre.org/groups/G0061) is a financially motivated threat group that has been active since at least January 2016, and known for targeting organizations in the hospitality, retail, entertainment, insurance, technology, chemical, and financial sectors. In June 2021, security researchers detected [FIN8](https://attack.mitre.org/groups/G0061) switching from targeting point-of-sale (POS) devices to distributing a number of ransomware variants.(Citation: FireEye Obfuscation June 2017)(Citation: FireEye Fin8 May 2016)(Citation: Bitdefender Sardonic Aug 2021)(Citation: Symantec FIN8 Jul 2023)
Source: MITRE ATT&CK
Activity timeline
No activity events recorded.
Profile
| CVE | Risk | CVSS | EPSS | Published | Products |
|---|---|---|---|---|---|
| No attributed CVEs. | |||||
T1003T1003.001T1016T1016.001T1018T1021T1021.001T1021.002T1027T1027.010T1033T1047T1048T1048.003T1053T1053.005T1055T1055.004T1059T1059.001T1059.003T1068T1070T1070.004T1071T1071.001T1074T1074.002T1078T1082T1102T1105T1112T1134T1134.001T1204T1204.001T1204.002T1482T1486T1518T1518.001T1546T1546.003T1560T1560.001T1566T1566.001T1566.002T1573T1573.002T1588T1588.002T1588.003T1685T1685.005
Mitigating controls (NIST 800-53)
| Control | Techniques covered | Coverage |
|---|---|---|
CM-6 | 38 / 56 | 68% |
SI-4 | 38 / 56 | 68% |
CM-2 | 36 / 56 | 64% |
SI-3 | 32 / 56 | 57% |
AC-6 | 26 / 56 | 46% |
CM-7 | 26 / 56 | 46% |
AC-3 | 24 / 56 | 43% |
CA-7 | 24 / 56 | 43% |
AC-2 | 23 / 56 | 41% |
SC-7 | 23 / 56 | 41% |
AC-4 | 20 / 56 | 36% |
AC-5 | 18 / 56 | 32% |
CM-5 | 16 / 56 | 29% |
IA-2 | 16 / 56 | 29% |
SI-7 | 15 / 56 | 27% |
Co-occurring actors
None.
Similar actors
Similar TTPs
- FIN6 0.41
- Wizard Spider 0.40
- Play 0.38
- APT33 0.36
- Cobalt Group 0.35