Evil Has New Cyber Weapons

Uploaded on 2022-09-13 in TECHNOLOGY--Hackers, TECHNOLOGY--Developments, FREE TO VIEW

New data released by Prodaft Threat Intelligence (PTI) explains how the Evil Corp ransomware gang, also known as TA505 and UNC2165, has expanded its cyber weapon arsenal to include TeslaGun.

The cyber attack panel referred to as TeslaGun has been leveraged by the group to help conduct phishing campaigns and ServHelper backdoor campaigns. The campaigns have targeted more than 8,000 different organisations and individuals, according to PTI.

The group has also been expanding the ServHelper backdoor malware that has been around since at least 2019. Evil began to use a latest version of the tool in 2021, according to security researchers at Cisco Talos. The majority of the malicious hacking group’s targets to date have been in the US. 

Most recently, the backdoor has been identified in attacks that drop hidden cryptominers on systems. "The group does exhibit some weaknesses, however. While TA505 can maintain hidden connections on victims’ devices for months, its members are often unusually noisy," the report said. "After installing ServHelper, TA505 threat actors may manually connect to victim devices through RDP tunneling. Security technologies capable of detecting these tunnels may prove vital for catching and mitigating TA505's backdoor attacks."

The Russian-linked Evil Corp has been one of the most prolific groups of the last five years. According to the US government, the group is behind the financial Trojan Dridex and has associations with campaigns using ransomware variants like WastedLocker.

The US Treasury Department's Office of Foreign Assets Control sanctioned Evil Corp in 2019, citing the group's extensive development and use and control of the Dridex malware . Since the sanctions were announced, Evil Corp-affiliated actors have changed their name a number of times.

 According to the US Treasury “Evil Corp has used the Dridex malware to infect computers and harvest login credentials from hundreds of banks and financial institutions in over 40 countries, causing more than $100 million in theft...  This malicious software has caused millions of dollars of damage to US and international financial institutions and their customers.”

Prodraft:   US Treasury Dept:    Oodaloop:     Dark Reading:    Mandiant:     CPS VO:

You Might Also Read: 

Russian Hackers Account For 74% Of Ransomware Proceeds:

 

« US Tech Firms Forbidden To Manufacture In China
New Cyber Security Laws For Telecoms Providers »

CyberSecurity Jobsite
Perimeter 81
Cyrin

Real Attacks. Real Tools. Real Scenarios.
Schedule a demo

Go Cyber

Training that transforms behaviours

Sign Up: Cyber Security Intelligence Newsletter

Directory of Suppliers

ManageEngine

ManageEngine

As the IT management division of Zoho Corporation, ManageEngine prioritizes flexible solutions that work for all businesses, regardless of size or budget.

Syxsense

Syxsense

Syxsense brings together endpoint management and security for greater efficiency and collaboration between IT management and security teams.

IT Governance

IT Governance

IT Governance is a leading global provider of information security solutions. Download our free guide and find out how ISO 27001 can help protect your organisation's information.

NordLayer

NordLayer

NordLayer is an adaptive network access security solution for modern businesses — from the world’s most trusted cybersecurity brand, Nord Security. 

CYRIN

CYRIN

CYRIN® Cyber Range. Real Tools, Real Attacks, Real Scenarios. See why leading educational institutions and companies in the U.S. have begun to adopt the CYRIN® system.

Cloud Industry Forum (CIF)

Cloud Industry Forum (CIF)

Cloud Industry Forum is a non-profit industry body that champions and advocates the adoption and use of Cloud-based services by businesses and individuals.

InformationWeek

InformationWeek

InformationWeek is the world's most trusted online community for business technology professionals like you.

Cortado Mobile Solutions

Cortado Mobile Solutions

Cortado Mobile Solutions is the manufacturer of the mobile device management solution Cortado MDM.

TestingXperts

TestingXperts

TestingXperts is a specialist software QA and testing company.

CipherPoint Software

CipherPoint Software

CipherPoint Software provides data-centric auditing and protection solutions for securing unstructured information

Avanan

Avanan

Avanan is The Cloud Security Platform. Protect all your SaaS applications using tools from over 60 industry-leading vendors in just one click.

AVG Technologies

AVG Technologies

AVG is focused on providing home and business computer users with the most comprehensive and proactive protection against computer security threats.

ComTrue Technologies

ComTrue Technologies

ComTrue Technologies is a developer and provider of personal information protection and cyber security solutions and services.

Digital Hands

Digital Hands

Digital Hands is an award-winning managed security services provider.

Jamcracker

Jamcracker

Jamcracker is a cloud services management and cloud governance solutions company, with more than a decade of experience providing industry leading software and services.

Sopher Networks

Sopher Networks

Sopher is a secure communication and collaboration platform for business and personal use.

Aujus Cybersecurity

Aujus Cybersecurity

Aujas is a pure-play cyber security services company with deep expertise in Identity and Access Management, Managed Security and Security Testing services.

TrustMAPP

TrustMAPP

TrustMAPP automates cybersecurity & privacy assessments, with universal workflow, allowing teams to generate analytics and recommendations to align priorities for improvement.

Clear Skye

Clear Skye

Clear Skye, an Identity Access and Management (IAM) software company, reimagines enterprise identity access and risk management software to make a complicated problem easier to manage.

Securance Consulting

Securance Consulting

Since 2002, Securance has empowered enterprises to assume proactive security, compliance, and risk management strategies.

xdr.global

xdr.global

Xdr.global is a cybersecurity consulting firm, focused on promoting and aligning Extended Detection and Response (XDR) security solutions.