oreomemo.blogg.se

Cyber cyndicate records

The group is also known to use legitimate security tools and living-off-the-land techniques to evade security solutions and operate undetected, including publicly available tools such as Cobalt Strike, Covenant, Donut, Koadic, Mimikatz, PowerShell Empire, and PowerSploit, along with many self-developed tools.

Due to the extensive range of malware and ransomware variants and custom tools used by the group, multiple defensive measures and mitigations are required to detect and block attacks. One of the main methods used to gain initial access to victims’ networks is phishing. They also have extensive technical capabilities, both in-house and through associations with other cybercriminal operations. The group is heavily reliant on money mules for receiving payments extorted from its victims, and at least 8 Moscow-based individuals are known to have served as financial facilitators for the group and are involved in moving the profits from the attacks in a way that prevents the money from being traced by law enforcement.

Due to the number of malware and ransomware variants used by Evil Group, they employ a wide range of tactics, techniques, and procedures in their attacks.

Several other high-ranking members of the group have also been identified and are currently being sought by the FBI and other law enforcement agencies. In addition to running the operation, Yakubets interfaces with the Russian government and is known to have been tasked with projects on behalf of the Russian FSB. The leader of Evil Corp, Maksim Yakubets, was indicted by a federal grand jury in 2019 and was charged with conspiracy, computer hacking, wire fraud, and bank fraud related to the distribution of Bugat malware, the predecessor of Dridex.

The group has access to several third-party malware strains, including the TrickBot and Emotet Trojans, and has links to major ransomware and cybercriminal operations worldwide.

Evil Corp has been the subject of multiple law enforcement operations. HC3 warns that Evil Corp may conduct attacks at the request of the Russian government, including attacks that steal intellectual property, and members of the group are known to cooperate with the Russian intelligence agencies. Evil Corp’s malware and ransomware variants have been used in many cyberattacks on the HPH sector, one of the most well-known being the BitPaymer ransomware attack on the National Health Service (NHS) Lanarkshire Board in Scotland in 2017.

Evil Corp’s primary modus operandi in recent years is conducting digital extortion attacks, including the use of ransomware, and the theft of sensitive information. The group operates out of Russia, has been operational since at least 2009, and is responsible for the infamous Dridex banking Trojan and several other ransomware and malware variants, including BitPaymer, Hades, Phoenixlocker, WastedLocker, SocGholish, GameOver Zeus, and JabberZeus.

The Health Sector Cybersecurity Coordination Center (HC3) has issued a warning to the healthcare and public health sector (HPH) about one of the most capable and aggressive cybercrime syndicates currently in operation – Evil Corp.

Healthcare Organizations Warned About Evil Corp.














