The Evilnum group threatens trading operators

Evilnum is the name of the APT group identified by ESET researchers and believed to be responsible for distributing malware aimed primarily at organizations in the financial and online trading sectors. Targets hit so far include companies based in the European Union, the United Kingdom, Australia and Canada.

Evilnum targets trading and finance

The main objective is a genuine espionage campaign aimed at obtaining financial information for malicious use. The stolen data reportedly includes sensitive information relating to credit cards and identity documents, spreadsheets with customer lists, and other details of investments and transactions, as well as software licenses and access credentials. Matias Porolli, the ESET researcher working on the investigation, comments:

We have detected and documented this malware as early as 2018, but so far little has been said about the group behind it and about how it operates. Its toolset and infrastructure have evolved and now consist of a mix of custom malware combined with tools purchased from Golden Chickens, a malware-as-a-service provider from which other criminal groups such as FIN6 and Cobalt Group also buy their tools.



Evilnum operators are also believed to have stolen data from the IT departments of the affected organizations, including VPN configurations. The malware's activity reportedly extended to harvesting passwords saved in Google Chrome and cookies generated while browsing. Porolli continues:

The targeted companies are approached with spear-phishing emails that contain a link to a zip file uploaded to Google Drive. This archive contains a series of shortcut files that extract and execute the malicious components while the user is viewing a decoy document. Evilnum uses a large infrastructure for its operations, with different servers depending on the type of communication.
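The infection chain described above (a zip archive delivered by link, containing Windows shortcut files that run alongside a decoy document) is something a mail gateway or incident responder can triage mechanically. The following script is an added example written for this page; it is not ESET's code and does not come from the WeLiveSecurity report. It opens a zip attachment without executing anything, and flags members that are Shell Link files either by their `.lnk` extension or by their on-disk header (HeaderSize 0x4C followed by the LinkCLSID 00021401-0000-0000-C000-000000000046), so a shortcut renamed to `photo.jpg` is still caught. It also marks shortcuts that present a document-like name (for example `Statement.pdf.lnk`). The sample archive is constructed in memory and is not a real Evilnum artifact.

```python
"""Triage a zip attachment for Windows shortcut (.lnk) payloads without running them."""
import io
import struct
import zipfile

# Shell Link header: a 32-bit HeaderSize of 0x4C, then the LinkCLSID
# 00021401-0000-0000-C000-000000000046 in its little-endian on-disk form.
LNK_HEADER_SIZE = 0x4C
LNK_CLSID = bytes.fromhex("0114020000000000C000000000000046")

# Extensions a shortcut might borrow to look like a harmless document
# (list chosen for this example, not taken from the report).
DOCUMENT_EXTENSIONS = {".pdf", ".doc", ".docx", ".xls", ".xlsx", ".jpg", ".png", ".txt"}


def is_shell_link(data: bytes) -> bool:
    """Return True if the first bytes carry a valid Shell Link header."""
    if len(data) < LNK_HEADER_SIZE:
        return False
    header_size = struct.unpack_from("<I", data, 0)[0]
    return header_size == LNK_HEADER_SIZE and data[4:20] == LNK_CLSID


def triage_archive(zip_bytes: bytes) -> list:
    """Inspect every archive member and return a finding dict for each shortcut.

    A member is reported when its name ends in .lnk OR its header is a Shell Link,
    so renaming the file does not hide it. 'document_like_name' is set when the
    name, minus any .lnk suffix, ends in a document or image extension.
    """
    findings = []
    with zipfile.ZipFile(io.BytesIO(zip_bytes)) as zf:
        for info in zf.infolist():
            if info.is_dir():
                continue
            with zf.open(info) as fh:        # read only the header, never execute
                head = fh.read(LNK_HEADER_SIZE)
            lower = info.filename.lower()
            by_ext = lower.endswith(".lnk")
            by_magic = is_shell_link(head)
            if not (by_ext or by_magic):
                continue
            stem = lower[:-4] if by_ext else lower
            findings.append({
                "member": info.filename,
                "extension_lnk": by_ext,
                "header_lnk": by_magic,
                "document_like_name": any(stem.endswith(e) for e in DOCUMENT_EXTENSIONS),
            })
    return findings


def build_sample_archive() -> bytes:
    """Constructed sample: a decoy PDF, a shortcut with a double extension,
    a shortcut renamed to look like an image, and a benign text file."""
    fake_lnk = struct.pack("<I", LNK_HEADER_SIZE) + LNK_CLSID
    fake_lnk += b"\x00" * (LNK_HEADER_SIZE - len(fake_lnk))   # pad to a full header
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("Statement_2020.pdf", b"%PDF-1.4\n% constructed decoy document\n")
        zf.writestr("Statement_2020.pdf.lnk", fake_lnk)
        zf.writestr("photo.jpg", fake_lnk)          # shortcut hiding behind a wrong extension
        zf.writestr("readme.txt", b"plain text, nothing to see")
    return buf.getvalue()


if __name__ == "__main__":
    for finding in triage_archive(build_sample_archive()):
        print(finding)
```

Checking the header rather than trusting the extension is the point of the example: a shortcut's name is fully under the sender's control, while the 0x4C header and CLSID are what Windows itself uses to recognise the file. A gateway rule that quarantines archives with any such member, regardless of how the decoy document is named, covers the delivery step described in the quote.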

Source: WeLiveSecurity
