Threat Actor Profile
High
APT
Description
FIN10 is a financially motivated threat group that has targeted organizations in North America since at least 2013 through 2016. The group uses stolen data exfiltrated from victims to extort organizations. (Citation: FireEye FIN10 June 2017)
Confidence Score
Known Aliases
FIN10
Tags
mitre-attack
stix-2.1
intrusion-set
First Seen
Unknown
Last Updated
Unknown
Active Status
ActiveCreated
April 29, 2026
MITRE ATT&CK Techniques (11)
Indicators of Compromise
Loading IOCs…
IOC KQL for Sentinel
STIX Data
{'aliases': ['FIN10'],
'created': '2017-12-14T16:46:06.044Z',
'created_by_ref': 'identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5',
'description': '[FIN10](https://attack.mitre.org/groups/G0051) is a '
'financially motivated threat group that has targeted '
'organizations in North America since at least 2013 through '
'2016. The group uses stolen data exfiltrated from victims to '
'extort organizations. (Citation: FireEye FIN10 June 2017)',
'external_references': [{'external_id': 'G0051',
'source_name': 'mitre-attack',
'url': 'https://attack.mitre.org/groups/G0051'},
{'description': '(Citation: FireEye FIN10 June 2017)',
'source_name': 'FIN10'},
{'description': 'FireEye iSIGHT Intelligence. (2017, '
'June 16). FIN10: Anatomy of a Cyber '
'Extortion Operation. Retrieved '
'November 17, 2024.',
'source_name': 'FireEye FIN10 June 2017',
'url': 'https://services.google.com/fh/files/misc/rpt-fin-10-anatomy-of-a-cyber-en.pdf'}],
'id': 'intrusion-set--fbe9387f-34e6-4828-ac28-3080020c597b',
'modified': '2024-11-17T14:57:09.164Z',
'name': 'FIN10',
'object_marking_refs': ['marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168'],
'revoked': False,
'spec_version': '2.1',
'type': 'intrusion-set',
'x_mitre_attack_spec_version': '3.2.0',
'x_mitre_deprecated': False,
'x_mitre_domains': ['enterprise-attack'],
'x_mitre_modified_by_ref': 'identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5',
'x_mitre_version': '1.3'}