This report shares actionable intelligence and proven threat hunting and incident response methods that the RSA Incident Response Team used to successfully respond to an intrusion in early-to-mid 2017 by the threat actor group CARBANAK, also known as FIN7.
Included with this report is a Digital Appendix used to identify and track attacker activity throughout the environment during this incident.