Researchers connect Evilnum hacking group to cyberattacks against Fintech firms

July 9, 2020
in Internet Security

Evilnum has been detected in the wild since 2018, and the advanced persistent threat (APT) group has been linked to attacks against financial technology firms.

Beyond the group’s taste for Fintech targets, however, little has been explored in terms of the group’s tools, techniques, or potential ties to other cyberattackers. 


Researchers from ESET have been investigating the APT for some time and on Thursday published an analysis of the threat group.

According to the team, Evilnum has focused on targets located in Europe and the United Kingdom, although some victims are also located in Australia and Canada. 

As with many cyberattackers that specialize in financial targets, the aim is to infiltrate corporate networks, grab access credentials, and steal valuable financial information that can then either be used for fraudulent purchases or sold on in bulk to other criminals. 


Evilnum’s initial attack vector is a common one: approach the target with spearphishing emails. Whereas standard phishing emails are often sent in ‘spray and pray’ campaigns, these messages rely on social engineering and contain details that make them appear genuine to technical support representatives and account managers.

The emails contain a link to a .zip file hosted on Google Drive. Once the archive is extracted, malicious .LNK shortcut files lead to decoy documents that appear to be Know Your Customer (KYC) records, such as copies of driving licenses or bills serving as proof of address.

Opening these documents, however, also executes a range of malicious components that compromise the corporate network.
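The delivery chain above (a .zip archive whose contents are Windows shortcut files posing as KYC documents) is something a mail gateway or triage script can check for before a user ever extracts the archive. The following is an added example written for this page, not code from ESET or from the article; it lists archive entries that are shortcuts either by name or by file header, so a shortcut renamed to look like a scan or a PDF is still caught. The sample archive it builds is constructed inline for the demonstration, and the shortcut entries carry only the fixed header bytes that every Shell Link file begins with (a HeaderSize of 0x4C followed by the LinkCLSID 00021401-0000-0000-C000-000000000046, per Microsoft's MS-SHLLINK specification), not a working shortcut.

```python
import io
import zipfile

# Every Shell Link (.LNK) file starts with HeaderSize = 0x0000004C followed by
# the LinkCLSID 00021401-0000-0000-C000-000000000046 (little-endian GUID layout).
LNK_MAGIC = bytes.fromhex("4c000000" "0114020000000000c000000000000046")


def is_lnk_content(data: bytes) -> bool:
    """True if the bytes begin with the Shell Link header, regardless of file name."""
    return data[: len(LNK_MAGIC)] == LNK_MAGIC


def has_lnk_extension(name: str) -> bool:
    """True for names ending in .lnk, including double extensions like .pdf.lnk."""
    return name.lower().endswith(".lnk")


def triage_archive(zip_bytes: bytes) -> list:
    """Return (entry_name, reason) for every archive entry that looks like a
    Windows shortcut. Only the first 20 bytes of each entry are read."""
    findings = []
    with zipfile.ZipFile(io.BytesIO(zip_bytes)) as zf:
        for info in zf.infolist():
            if info.is_dir():
                continue
            with zf.open(info) as fh:
                head = fh.read(len(LNK_MAGIC))
            by_ext = has_lnk_extension(info.filename)
            by_hdr = is_lnk_content(head)
            if by_ext and by_hdr:
                findings.append((info.filename, "shortcut file"))
            elif by_hdr:
                # Renamed shortcut: looks like an image or PDF but is a .LNK inside.
                findings.append((info.filename, "shortcut content with non-.lnk name"))
            elif by_ext:
                findings.append((info.filename, ".lnk name without shortcut header"))
    return findings


def build_sample_archive() -> bytes:
    """Constructed sample archive mimicking the KYC-themed lure: two fake shortcuts
    (header bytes plus zero padding, not real .LNK files) and one harmless file."""
    fake_lnk = LNK_MAGIC + b"\x00" * 56
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("KYC_documents/driving_licence.pdf.lnk", fake_lnk)
        zf.writestr("KYC_documents/proof_of_address.pdf", b"%PDF-1.4\n%constructed placeholder\n")
        zf.writestr("KYC_documents/utility_bill.jpg", fake_lnk)  # shortcut renamed as an image
    return buf.getvalue()


if __name__ == "__main__":
    for name, reason in triage_archive(build_sample_archive()):
        print(f"FLAG {name}: {reason}")
```

Checking the header rather than only the extension matters because a zip listing shows whatever name the sender chose; the 20-byte prefix is what Windows Explorer actually keys on when it treats an entry as a shortcut.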

Evilnum’s toolset has evolved in recent years and now includes custom malware — including the Evilnum malware family — as well as hacking tools purchased from Golden Chickens, a group ESET says is a Malware-as-a-Service (MaaS) provider which also counts FIN6 and Cobalt Group among its clientele. 


These tools include ActiveX components (OCX files) containing TerraLoader, a dropper for other malware made available to Golden Chickens customers, such as the More_eggs backdoor, a DLL search order hijacking suite, and a sophisticated remote access program. 

“We believe that FIN6, Cobalt Group, and Evilnum group are not the same, despite the overlaps in their toolsets. They just happen to share the same MaaS provider,” ESET noted.

If a victim opens a decoy document, the Evilnum malware, Python-based tools, or Golden Chickens components will launch. Each tool has a link to a separate command-and-control (C2) server and operates independently, whether for information theft, persistence, the deployment of additional malware, or other malicious functions. 

The main Evilnum payload focuses on theft, including any account credentials saved in the Google Chrome browser as well as cookies, and will scour infected systems for credit card information, ID documents, customer lists, investments and trading documents, software licenses, and VPN configurations. 


The researchers have connected the group to a variety of Fintech-based attacks, but do not believe this is enough to link them to any other APT at present. 

“The targets are very specific and not numerous,” ESET says. “This, and the group’s use of legitimate tools in its attack chain, have kept its activities largely under the radar. We were able to join the dots and discover how the group operates, uncovering some overlaps with other known APT groups. We think this and other groups share the same MaaS provider, and the Evilnum group cannot yet be associated with any previous attacks by any other APT group.”

Credit: Zdnet