Evil Has New Cyber Weapons

New data released by Prodaft Threat Intelligence (PTI) explains how the Evil Corp ransomware gang, also known as TA505 and UNC2165, has expanded its cyber weapon arsenal to include TeslaGun.

The cyber attack panel referred to as TeslaGun has been leveraged by the group to help conduct phishing campaigns and ServHelper backdoor campaigns. The campaigns have targeted more than 8,000 different organisations and individuals, according to PTI.

The group has also been expanding the ServHelper backdoor malware that has been around since at least 2019. Evil began to use a latest version of the tool in 2021, according to security researchers at Cisco Talos. The majority of the malicious hacking group’s targets to date have been in the US. 

Most recently, the backdoor has been identified in attacks that drop hidden cryptominers on systems. "The group does exhibit some weaknesses, however. While TA505 can maintain hidden connections on victims’ devices for months, its members are often unusually noisy," the report said. "After installing ServHelper, TA505 threat actors may manually connect to victim devices through RDP tunneling. Security technologies capable of detecting these tunnels may prove vital for catching and mitigating TA505's backdoor attacks."

The Russian-linked Evil Corp has been one of the most prolific groups of the last five years. According to the US government, the group is behind the financial Trojan Dridex and has associations with campaigns using ransomware variants like WastedLocker.

The US Treasury Department's Office of Foreign Assets Control sanctioned Evil Corp in 2019, citing the group's extensive development and use and control of the Dridex malware . Since the sanctions were announced, Evil Corp-affiliated actors have changed their name a number of times.

 According to the US Treasury “Evil Corp has used the Dridex malware to infect computers and harvest login credentials from hundreds of banks and financial institutions in over 40 countries, causing more than $100 million in theft...  This malicious software has caused millions of dollars of damage to US and international financial institutions and their customers.”

Prodraft:   US Treasury Dept:    Oodaloop:     Dark Reading:    Mandiant:     CPS VO:

You Might Also Read: 

Russian Hackers Account For 74% Of Ransomware Proceeds:

 

« US Tech Firms Forbidden To Manufacture In China
New Cyber Security Laws For Telecoms Providers »

CyberSecurity Jobsite
Perimeter 81

Directory of Suppliers

North Infosec Testing (North IT)

North Infosec Testing (North IT)

North IT (North Infosec Testing) are an award-winning provider of web, software, and application penetration testing.

Jooble

Jooble

Jooble is a job search aggregator operating in 71 countries worldwide. We simplify the job search process by displaying active job ads from major job boards and career sites across the internet.

ManageEngine

ManageEngine

As the IT management division of Zoho Corporation, ManageEngine prioritizes flexible solutions that work for all businesses, regardless of size or budget.

Resecurity, Inc.

Resecurity, Inc.

Resecurity is a cybersecurity company that delivers a unified platform for endpoint protection, risk management, and cyber threat intelligence.

ON-DEMAND WEBINAR: What Is A Next-Generation Firewall (and why does it matter)?

ON-DEMAND WEBINAR: What Is A Next-Generation Firewall (and why does it matter)?

Watch this webinar to hear security experts from Amazon Web Services (AWS) and SANS break down the myths and realities of what an NGFW is, how to use one, and what it can do for your security posture.

ACME Communications

ACME Communications

ACME Communications specialises in the field of data centre, implementation, maintenance & operation and all aspects of other IT service.

Singapore Cybersecurity Consortium

Singapore Cybersecurity Consortium

Singapore Cybersecurity Consortium was created to encourage use-inspired research, training and technology awareness in cybersecurity.

DNV

DNV

DNV are the independent expert in assurance and risk management. We deliver world-renowned testing, certification and technical advisory services.

Advanced Software Products Group (ASPG)

Advanced Software Products Group (ASPG)

ASPG offers a wide range of innovative mainframe software solutions for Data Security, Access Management, System Management and CICS productivity.

Avatao

Avatao

Avatao is an online training platform for building secure software, offering a rich library of hands-on IT security exercises for software engineers to teach secure programming.

Appvisory

Appvisory

Appvisory by MediaTest Digital is the leading Mobile Application Management-Software in Europe and enables enterprises to work secure on smartphones and tablets.

Mend.io

Mend.io

Mend.io (formerly known as WhiteSource) is an application security company built to secure today’s digital world.

Haechi Audit

Haechi Audit

Haechi Audit is a leading smart contract security audit firm. We provide the most secure smart contract security audit and smart contract development services to our global clients.

Enterprise Incubator Foundation (EIF)

Enterprise Incubator Foundation (EIF)

Enterprise Incubator Foundation (EIF) of Armenia is one of the largest technology business incubators and IT development agencies in the region.

ESC - Enterprise Security Center

ESC - Enterprise Security Center

ESC is a system house specializing exclusively in IT security - Security Implementation & Optimization, Operations, Managed Security Services.

Byos

Byos

Byos provides visibility of devices across all networks, regardless of location, integrating with your existing security stack.

OneLayer

OneLayer

OneLayer provide enterprise grade security dedicated for private LTE/5G networks. We ensure that the best IoT security toolkit is implemented in your cellular environment.

Tailscale

Tailscale

Tailscale is a VPN service that makes the devices and applications you own accessible anywhere in the world, securely and effortlessly.

Unisys

Unisys

Unisys is a global information technology company providing industry-focused solutions integrated with leading-edge security to clients in the government, financial services and commercial markets.

Contextal

Contextal

Contextal develops cutting-edge open-source cybersecurity solutions, designed to connect the dots and detect complex threats, which slip through the existing protections.

Beaming

Beaming

Beaming is an established Internet Service Provider for businesses across the UK. We deliver reliable voice, data and managed services, including cybersecurity.