Threat Landscape Dashboard

Assessing today's threats and the relationships between them

Operation Mahalo FIN7

The FIN7 threat group, also known as Anunak, used an in-memory-only tool known as BOOSTWRITE to drop the RDFSNIFFER payload and attack the “Aloha Command Center” client from NCR. The client is a remote administration tool used to manage and troubleshoot payment card processing systems that are running the Command Center Agent. The payload can perform man-in-the-middle attacks, hijack the utility's user interface, change the user's last input time, and upload, download, execute, and delete arbitrary files.
Name                    Modified Date   Sources
Operation Mahalo FIN7   2019-10-16