FIN12

RANSOMWARE

FIN12 is a sophisticated ransomware group that primarily targets large enterprises and critical infrastructure sectors such as healthcare and financial services. The group's typical attack vector remains elusive due to the lack of confirmed initial access methods, but their exploitation patterns suggest they leverage unpatched vulnerabilities across various software products. Unlike other ransomware actors who often engage in double extortion or indiscriminate data theft, FIN12 focuses on a more strategic approach that involves comprehensive encryption and selective exfiltration of sensitive data, which is then used for negotiation purposes.

FIN12's technical footprint reveals a preference for exploiting critical vulnerabilities related to remote code execution (RCE) and authentication bypass mechanisms. The group's reliance on unconfirmed CVEs indicates they are likely ahead of the curve in identifying and weaponizing zero-day vulnerabilities before public disclosure. This capability underscores their high level of sophistication, as evidenced by their ability to conduct targeted attacks without leaving a distinct digital footprint. Defenders should prioritize regular patch management for all software products, particularly those with known critical vulnerabilities, and implement robust network segmentation to limit the lateral movement potential of FIN12's malware once initial access is achieved.

Predicted CVEs (66) CORRELATION

How does prediction work?

Predicted CVEs are identified through automated correlation using multiple sources: vendor/product profiles historically targeted by the group (MITRE ATT&CK), attack chain patterns (KEV + TTPs), threat intelligence (MISP, STIX), and AI analysis. These CVEs have not been confirmed as exploited by this specific group, but have a high probability of being targets based on the actor's operational profile.

CVE-2020-0796 CRITICAL Microsoft Windows 10 Version 1903 for 32-bit Systems predicted 10.0 CVE-2020-0796 CRITICAL Microsoft Windows 10 Version 1903 for 32-bit Systems predicted 10.0 CVE-2020-1350 CRITICAL Microsoft Windows Server predicted 10.0 CVE-2025-53770 CRITICAL Microsoft SharePoint Enterprise Server 2016 predicted 9.8 CVE-2025-53770 CRITICAL Microsoft SharePoint Enterprise Server 2016 predicted 9.8 CVE-2021-31166 CRITICAL Microsoft Windows 10 Version 2004 predicted 9.8 CVE-2024-49035 CRITICAL Microsoft Partner Center predicted 9.8 CVE-2023-29357 CRITICAL Microsoft SharePoint Server 2019 predicted 9.8 CVE-2021-38647 CRITICAL Microsoft Open Management Infrastructure predicted 9.8 CVE-2020-0646 CRITICAL Microsoft .NET Framework 4.6/4.6.1/4.6.2/4.7/4.7.1/4.7.2 predicted 9.8 CVE-2024-21413 CRITICAL Microsoft Office 2019 predicted 9.8 CVE-2024-21410 CRITICAL Microsoft Exchange Server 2016 Cumulative Update 23 predicted 9.8 CVE-2021-38647 CRITICAL Microsoft Open Management Infrastructure predicted 9.8 CVE-2026-20963 CRITICAL Microsoft SharePoint Enterprise Server 2016 predicted 9.8 CVE-2024-43468 CRITICAL Microsoft Configuration Manager predicted 9.8 CVE-2025-59287 CRITICAL Microsoft Windows Server 2012 predicted 9.8 CVE-2025-24989 CRITICAL Microsoft Power Pages predicted 9.8 CVE-2023-29357 CRITICAL Microsoft SharePoint Server 2019 predicted 9.8 CVE-2023-23397 CRITICAL Microsoft Office LTSC 2021 predicted 9.8 CVE-2021-26855 CRITICAL Microsoft Exchange Server 2016 Cumulative Update 19 predicted 9.1 CVE-2021-34473 CRITICAL Microsoft Exchange Server 2013 Cumulative Update 23 predicted 9.1 CVE-2020-1040 CRITICAL Microsoft Windows Server predicted 9.0 CVE-2023-21529 HIGH Microsoft Exchange Server 2019 Cumulative Update 12 predicted 8.8 CVE-2021-42321 HIGH Microsoft Exchange Server 2016 Cumulative Update 21 predicted 8.8 CVE-2022-41080 HIGH Microsoft Exchange Server 2016 Cumulative Update 23 predicted 8.8 CVE-2025-49704 HIGH Microsoft SharePoint Enterprise Server 2016 predicted 8.8 CVE-2021-42321 HIGH Microsoft Exchange Server 2016 Cumulative Update 21 predicted 8.8 CVE-2025-49704 HIGH Microsoft SharePoint Enterprise Server 2016 predicted 8.8 CVE-2022-41040 HIGH Microsoft Exchange Server 2013 Cumulative Update 23 predicted 8.8 CVE-2020-0688 HIGH Microsoft Exchange Server 2013 predicted 8.8 CVE-2022-41080 HIGH Microsoft Exchange Server 2016 Cumulative Update 23 predicted 8.8 CVE-2021-34527 HIGH Microsoft Windows 10 Version 1809 predicted 8.8 CVE-2021-34527 HIGH Microsoft Windows 10 Version 1809 medium 8.8 CVE-2024-21412 HIGH Microsoft Windows 11 version 21H2 predicted 8.1 CVE-2024-21412 HIGH Microsoft Windows 11 version 21H2 predicted 8.1 CVE-2022-41082 HIGH Microsoft Exchange Server 2013 Cumulative Update 23 predicted 8.0 CVE-2022-41082 HIGH Microsoft Exchange Server 2013 Cumulative Update 23 predicted 8.0 CVE-2022-30190 HIGH Microsoft Windows 10 Version 1809 predicted 7.8 CVE-2023-28252 HIGH Microsoft Windows 10 Version 1809 predicted 7.8 CVE-2021-1675 HIGH Microsoft Windows 10 Version 1809 predicted 7.8 CVE-2024-26169 HIGH Microsoft Windows 10 Version 1809 predicted 7.8 CVE-2020-0787 HIGH Microsoft Windows predicted 7.8 CVE-2021-36942 HIGH Microsoft Windows Server 2019 predicted 7.5 CVE-2021-42287 HIGH Microsoft Windows Server 2019 predicted 7.5 CVE-2021-36942 HIGH Microsoft Windows Server 2019 predicted 7.5 CVE-2021-42278 HIGH Microsoft Windows Server 2019 predicted 7.5 CVE-2023-36884 HIGH Microsoft Windows 10 Version 1809 predicted 7.5 CVE-2023-36884 HIGH Microsoft Windows 10 Version 1809 predicted 7.5 CVE-2021-42287 HIGH Microsoft Windows Server 2019 predicted 7.5 CVE-2023-24955 HIGH Microsoft SharePoint Enterprise Server 2016 predicted 7.2 CVE-2024-38094 HIGH Microsoft SharePoint Enterprise Server 2016 predicted 7.2 CVE-2024-38094 HIGH Microsoft SharePoint Enterprise Server 2016 predicted 7.2 CVE-2023-24955 HIGH Microsoft SharePoint Enterprise Server 2016 predicted 7.2 CVE-2021-43890 HIGH Microsoft App Installer predicted 7.1 CVE-2021-43890 HIGH Microsoft App Installer predicted 7.1 CVE-2021-31207 MEDIUM Microsoft Exchange Server 2013 Cumulative Update 23 predicted 6.6 CVE-2025-49706 MEDIUM Microsoft SharePoint Enterprise Server 2016 predicted 6.5 CVE-2025-49706 MEDIUM Microsoft SharePoint Enterprise Server 2016 predicted 6.5 CVE-2020-1472 MEDIUM Microsoft Windows Server version 2004 medium 5.5 CVE-2020-1472 MEDIUM Microsoft Windows Server version 2004 predicted 5.5 CVE-2022-41091 MEDIUM Microsoft Windows 10 Version 1809 predicted 5.4 CVE-2022-44698 MEDIUM Microsoft Windows 10 Version 1809 predicted 5.4 CVE-2022-41091 MEDIUM Microsoft Windows 10 Version 1809 predicted 5.4 CVE-2022-44698 MEDIUM Microsoft Windows 10 Version 1809 predicted 5.4 CVE-2020-0878 MEDIUM Microsoft ChakraCore predicted 4.2 CVE-2020-0878 MEDIUM Microsoft ChakraCore predicted 4.2