Cyber Resilience

Threat actor · all actors

FIN4G0085 state

🇷🇴 RO

aka FIN4, WOLF SPIDER, G0085

Last updated: 2026-07-03

0attributed CVEs
20ATT&CK techniques
0.0IDF score (tooling uniqueness)
0exclusive CVEs
years active

About this actor

[FIN4](https://attack.mitre.org/groups/G0085) is a financially-motivated threat group that has targeted confidential information related to the public financial market, particularly regarding healthcare and pharmaceutical companies, since at least 2013.(Citation: FireEye Hacking FIN4 Dec 2014)(Citation: FireEye FIN4 Stealing Insider NOV 2014) [FIN4](https://attack.mitre.org/groups/G0085) is unique in that they do not infect victims with typical persistent malware, but rather they focus on capturing credentials authorized to access email and other non-public correspondence.(Citation: FireEye Hacking FIN4 Dec 2014)(Citation: FireEye Hacking FIN4 Video Dec 2014)

Source: MITRE ATT&CK

Activity timeline

No activity events recorded.

Profile

CVERiskCVSSEPSSPublishedProducts
No attributed CVEs.

Mitigating controls (NIST 800-53)

ControlTechniques coveredCoverage
SI-416 / 2080%
CM-615 / 2075%
CA-714 / 2070%
AC-413 / 2065%
CM-213 / 2065%
SI-313 / 2065%
SC-712 / 2060%
CM-711 / 2055%
SI-78 / 2040%
AC-37 / 2035%
SC-446 / 2030%
SI-106 / 2030%
SI-26 / 2030%
SI-86 / 2030%
SC-205 / 2025%

Co-occurring actors

None.

Similar actors