
Researchers find new infrastructure connected to cybercrime group FIN7



Researchers studying cybercrime have found new infrastructure connected to the financially driven threat actor known as FIN7.

As part of a cooperative investigation with Silent Push and Stark Industries Solutions, Team Cymru said in a report released this week that the two clusters of possible FIN7 activity reveal communications coming into the FIN7 cybercrime infrastructure from IP addresses assigned to Post Ltd. (Russia) and SmartApe (Estonia), respectively.

The discoveries support a recent revelation by Silent Push that identified many IP addresses belonging to Stark Industries that are only used for hosting FIN7's new cybercrime infrastructure.

According to the most recent study, the hosts connected to the e-crime gang were probably purchased via one of Stark's resellers.

The cybersecurity firm said that reseller schemes are typical in the hosting sector and that several of the biggest virtual private server (VPS) providers offer them. The firm further stated that clients who purchase infrastructure through resellers are typically required to abide by the terms of service provided by the "parent" organization.

Additionally, Team Cymru reported that it has discovered new infrastructure connected to FIN7 activity. These included three IP addresses assigned to SmartApe, an Estonian cloud hosting company, and four IP addresses belonging to Post Ltd., a broadband provider operating in southern Russia.

Over the past 30 days, the first cluster has been seen communicating outbound with at least 15 Stark-assigned hosts that Silent Push has previously identified (such as 86.104.72[.]16). Similarly, the second cluster, from Estonia, has been found to be in communication with at least sixteen Stark-assigned hosts.

