Russian 'Evil Corp' Cybercriminals Possibly Evolved Into Cyberspies

The infamous cybercrime organization known as Evil Corp may be running cyberespionage operations on behalf of a Russian intelligence agency, security consulting company Truesec reports.


Active since at least 2009 and also referred to as TA505, the hacking group is known for the use of the Dridex banking Trojan, but also for ransomware families such as Locky, Bart, Jaff, and BitPaymer, along with the more recent WastedLocker and Hades.


Evil Corp is allegedly run by Russian nationals Maksim Yakubets and Igor Turashev, who were charged by the United States in 2019. In addition to deploying financial malware and causing tens of millions in losses, Yakubets has been working for Russian intelligence since at least 2017, the indictment said.


New evidence uncovered by Truesec security researchers validates the assumption of a close relationship between the cybercrime group and the Kremlin, and even suggests that Evil Corp might have evolved into a cyberespionage group that uses ransomware attacks to disguise its true intentions.


Analysis of a ransomware incident involving Evil Corp has revealed the use of tools, techniques and procedures (TTPs) ..
