Evil Has New Cyber Weapons

Uploaded on 2022-09-13 in TECHNOLOGY--Hackers, TECHNOLOGY--Developments, FREE TO VIEW

New data released by Prodaft Threat Intelligence (PTI) explains how the Evil Corp ransomware gang, also known as TA505 and UNC2165, has expanded its cyber weapon arsenal to include TeslaGun.

The cyber attack panel referred to as TeslaGun has been leveraged by the group to help conduct phishing campaigns and ServHelper backdoor campaigns. The campaigns have targeted more than 8,000 different organisations and individuals, according to PTI.

The group has also been expanding the ServHelper backdoor malware that has been around since at least 2019. Evil began to use a latest version of the tool in 2021, according to security researchers at Cisco Talos. The majority of the malicious hacking group’s targets to date have been in the US. 

Most recently, the backdoor has been identified in attacks that drop hidden cryptominers on systems. "The group does exhibit some weaknesses, however. While TA505 can maintain hidden connections on victims’ devices for months, its members are often unusually noisy," the report said. "After installing ServHelper, TA505 threat actors may manually connect to victim devices through RDP tunneling. Security technologies capable of detecting these tunnels may prove vital for catching and mitigating TA505's backdoor attacks."

The Russian-linked Evil Corp has been one of the most prolific groups of the last five years. According to the US government, the group is behind the financial Trojan Dridex and has associations with campaigns using ransomware variants like WastedLocker.

The US Treasury Department's Office of Foreign Assets Control sanctioned Evil Corp in 2019, citing the group's extensive development and use and control of the Dridex malware . Since the sanctions were announced, Evil Corp-affiliated actors have changed their name a number of times.

 According to the US Treasury “Evil Corp has used the Dridex malware to infect computers and harvest login credentials from hundreds of banks and financial institutions in over 40 countries, causing more than $100 million in theft...  This malicious software has caused millions of dollars of damage to US and international financial institutions and their customers.”

Prodraft:   US Treasury Dept:    Oodaloop:     Dark Reading:    Mandiant:     CPS VO:

You Might Also Read: 

Russian Hackers Account For 74% Of Ransomware Proceeds:

 

« US Tech Firms Forbidden To Manufacture In China
New Cyber Security Laws For Telecoms Providers »

CyberSecurity Jobsite
Check Point
Cyrin

Real Attacks. Real Tools. Real Scenarios.
Schedule a demo

Sign Up: Cyber Security Intelligence Newsletter

Directory of Suppliers

LockLizard

LockLizard

Locklizard provides PDF DRM software that protects PDF documents from unauthorized access and misuse. Share and sell documents securely - prevent document leakage, sharing and piracy.

Directory of Cyber Security Suppliers

Directory of Cyber Security Suppliers

Our Supplier Directory lists 8,000+ specialist cyber security service providers in 128 countries worldwide. IS YOUR ORGANISATION LISTED?

CYRIN

CYRIN

CYRIN® Cyber Range. Real Tools, Real Attacks, Real Scenarios. See why leading educational institutions and companies in the U.S. have begun to adopt the CYRIN® system.

MIRACL

MIRACL

MIRACL provides the world’s only single step Multi-Factor Authentication (MFA) which can replace passwords on 100% of mobiles, desktops or even Smart TVs.

TÜV SÜD Academy UK

TÜV SÜD Academy UK

TÜV SÜD offers expert-led cybersecurity training to help organisations safeguard their operations and data.

ESG Elektroniksystem- und Logistik-GmbH

ESG Elektroniksystem- und Logistik-GmbH

ESG offer a comprehensive portfolio of cyber and IT services ranging from consulting, solutions and operations to testing, simulation and training.

ElcomSoft

ElcomSoft

ElcomSoft is a global leader in computer and mobile forensics, IT security and forensic data recovery.

Privitar

Privitar

Privitar is leading the development and adoption of privacy engineering technology enabling our customers to innovate and leverage data with an uncompromising approach to data privacy.

DynaRisk

DynaRisk

DynaRisk helps companies protect their staff, clients and supply chain from cyber threats by enabling people to take action for themselves.

Entel CyberSecure

Entel CyberSecure

Entel CyberSecure is a portfolio of Cybersecurity solutions and services for the protection, defense, risk management and regulatory compliance of ICT Systems for corporations and Government.

Lumu Technologies

Lumu Technologies

Lumu is a cybersecurity company that illuminates threats and attacks affecting enterprises worldwide.

ProofID

ProofID

ProofID is a specialist provider of Identity Access Management (IAM) solutions. We focus on the solving the complex needs of the modern enterprise.

L3Harris Technologies

L3Harris Technologies

L3Harris Technologies is a global aerospace and defense technology innovator, delivering solutions to meet mission-critical needs across air, land, sea, space and cyber domains.

Cyber Intelligence House (CIH)

Cyber Intelligence House (CIH)

Cyber Intelligence House provides risk exposure solutions for a wide range of audiences including companies, government agencies, regulators, investors, law enforcement and consumers.

Presidio

Presidio

Presidio is a leading North American IT solutions provider focused on Digital Infrastructure, Business Analytics, Cloud, Security & Emerging solutions.

Cyber and Fraud Centre – Scotland

Cyber and Fraud Centre – Scotland

The Cyber and Fraud Centre – Scotland exists to ensure Scottish organisations are as resilient as they can be against cyber and fraud crime.

DataGuard

DataGuard

DataGuard is a security and compliance software company trusted by organisations across the globe.

EyBrids

EyBrids

As a forward-thinking cybersecurity consulting firm, we believe that robust security is the foundation for innovation and growth in today’s digital landscape.

METCLOUD

METCLOUD

METCLOUD is driving a cloud evolution. A cloud that promises relentless cybersecurity, performance, resilience and sustainability.

Operant Networks

Operant Networks

Operant Networks mission is to provide Operational Technology (OT) teams with solutions that simplify their increasingly complex worlds.

Emergence Insurance

Emergence Insurance

Emergence is an insurance underwriting agency, focused on providing insurance solutions to help protect businesses and families against their cyber risks.