Evil Has New Cyber Weapons

Uploaded on 2022-09-13 in TECHNOLOGY--Hackers, TECHNOLOGY--Developments, FREE TO VIEW

New data released by Prodaft Threat Intelligence (PTI) explains how the Evil Corp ransomware gang, also known as TA505 and UNC2165, has expanded its cyber weapon arsenal to include TeslaGun.

The cyber attack panel referred to as TeslaGun has been leveraged by the group to help conduct phishing campaigns and ServHelper backdoor campaigns. The campaigns have targeted more than 8,000 different organisations and individuals, according to PTI.

The group has also been expanding the ServHelper backdoor malware that has been around since at least 2019. Evil began to use a latest version of the tool in 2021, according to security researchers at Cisco Talos. The majority of the malicious hacking group’s targets to date have been in the US. 

Most recently, the backdoor has been identified in attacks that drop hidden cryptominers on systems. "The group does exhibit some weaknesses, however. While TA505 can maintain hidden connections on victims’ devices for months, its members are often unusually noisy," the report said. "After installing ServHelper, TA505 threat actors may manually connect to victim devices through RDP tunneling. Security technologies capable of detecting these tunnels may prove vital for catching and mitigating TA505's backdoor attacks."

The Russian-linked Evil Corp has been one of the most prolific groups of the last five years. According to the US government, the group is behind the financial Trojan Dridex and has associations with campaigns using ransomware variants like WastedLocker.

The US Treasury Department's Office of Foreign Assets Control sanctioned Evil Corp in 2019, citing the group's extensive development and use and control of the Dridex malware . Since the sanctions were announced, Evil Corp-affiliated actors have changed their name a number of times.

 According to the US Treasury “Evil Corp has used the Dridex malware to infect computers and harvest login credentials from hundreds of banks and financial institutions in over 40 countries, causing more than $100 million in theft...  This malicious software has caused millions of dollars of damage to US and international financial institutions and their customers.”

Prodraft:   US Treasury Dept:    Oodaloop:     Dark Reading:    Mandiant:     CPS VO:

You Might Also Read: 

Russian Hackers Account For 74% Of Ransomware Proceeds:

 

« US Tech Firms Forbidden To Manufacture In China
New Cyber Security Laws For Telecoms Providers »

ManageEngine
CyberSecurity Jobsite
Check Point
Cyrin

Real Attacks. Real Tools. Real Scenarios.
Schedule a demo

Sign Up: Cyber Security Intelligence Newsletter

Directory of Suppliers

Resecurity

Resecurity

Resecurity is a cybersecurity company that delivers a unified platform for endpoint protection, risk management, and cyber threat intelligence.

BackupVault

BackupVault

BackupVault is a leading provider of automatic cloud backup and critical data protection against ransomware, insider attacks and hackers for businesses and organisations worldwide.

CYRIN

CYRIN

CYRIN® Cyber Range. Real Tools, Real Attacks, Real Scenarios. See why leading educational institutions and companies in the U.S. have begun to adopt the CYRIN® system.

The PC Support Group

The PC Support Group

A partnership with The PC Support Group delivers improved productivity, reduced costs and protects your business through exceptional IT, telecoms and cybersecurity services.

LockLizard

LockLizard

Locklizard provides PDF DRM software that protects PDF documents from unauthorized access and misuse. Share and sell documents securely - prevent document leakage, sharing and piracy.

Orolia

Orolia

Orolia are experts in deploying high precision GPS time through network infrastructure to synchronize critical operations.

Panzura

Panzura

Panzura optimizes enterprise data storage management and distribution in the cloud, making cloud storage simple and secure.

Snort

Snort

Snort is an open source intrusion prevention system capable of real-time traffic analysis and packet logging.

Cynterra

Cynterra

Cynterra is a next generation cloud cyber security and data analytical service provider offering cloud security compliance, data protection, visibility and threat protection services.

Garner Products

Garner Products

Garner design, manufacture, and sell equipment that delivers complete, permanent, and verifiable data elimination.

Quantum Generation

Quantum Generation

Quantum Cyber Security for a new age of communications. We are developing the largest decentralized orbital, and ground quantum mesh network based on blockchain technology.

Stellar Cyber

Stellar Cyber

Stellar Cyber makes Open XDR, the only comprehensive security platform providing maximum protection of applications and data wherever they reside.

Netragard

Netragard

Netragard has an established reputation for providing high-quality offensive and defensive security services.

Privacera

Privacera

Privacera enables consistent data governance, security, and compliance across all your data services - on-premises and in the cloud - so you can maximize the value of your data.

Internet Crime Complaint Center (IC3)

Internet Crime Complaint Center (IC3)

The Internet Crime Complaint Center provide the public with a reporting mechanism to submit information to the FBI concerning suspected Internet-facilitated criminal activity.

CornerStone

CornerStone

CornerStone is an award winning, independent risk, cyber and security consulting firm providing a range of Risk Management, Security Design and Implementation Management Services.

Accenture

Accenture

Accenture is a leading global professional services company providing a range of strategy, consulting, digital, technology & operations services and solutions including cybersecurity.

Omantel Innovation Labs

Omantel Innovation Labs

The Omantel Innovation Labs is a platform to enable startups and innovators to develop and commercialize solutions within selected technology verticals including cybersecurity.

Ampsight

Ampsight

Ampsight specializes in enabling cloud integration, securing data, and navigating complications that drive critical-mission success.

Continent 8 Technologies

Continent 8 Technologies

Continent 8 Technologies is the leading provider of managed hosting, connectivity, cloud and cybersecurity solutions to the global online gambling industry.

The Aerospace Corporation

The Aerospace Corporation

The Aerospace Corporation is playing a key role in advancing space cybersecurity through innovative prototypes that can quickly detect and mitigate cyber threats.