The Cyber Security News
Evil Corp Hacker Group Changes Ransomware Tactics to Evade US Sanctions

June 7, 2022

Russian hacker group Evil Corp has reportedly updated its attack techniques to get around sanctions that prohibit US companies from paying it a ransom.

The change was noted by threat intelligence firm Mandiant, which recently published a blog post attributing a series of LockBit ransomware intrusions to UNC2165, a threat cluster sharing numerous overlaps with Evil Corp.

UNC2165 was sanctioned by the US Treasury Department in 2019 for using the Dridex malware to infect hundreds of banks and financial institutions across 40 countries and steal more than $10m.


From a regulatory standpoint, these sanctions effectively barred targeted organizations from paying UNC2165 a ransom to regain access to their systems.

“These sanctions have had a direct impact on threat actor operations, especially as at least some organizations involved in ransomware remediation activities, such as negotiation, refuse to facilitate payments to known sanctioned entities,” wrote Mandiant.

“This can ultimately reduce threat actors’ ability to be paid by victims, which is the primary driver of ransomware operations.”

At the same time, to hide evidence of the group’s involvement (so that compromised companies would be more likely to pay the ransom), Evil Corp/UNC2165 has reportedly changed tactics over the past couple of years, switching from the WastedLocker to the Hades ransomware.

According to Mandiant, the hacking group then changed tactics once more and began using the ransomware-as-a-service (RaaS) known as LockBit from early 2021.

“The adoption of an existing ransomware is a natural evolution for UNC2165 to attempt to obscure their affiliation with Evil Corp,” wrote the threat intelligence firm.

“Using this RaaS would allow UNC2165 to blend in with other affiliates, requiring visibility into earlier stages of the attack lifecycle to properly attribute the activity, compared to prior operations that may have been attributable based on the use of an exclusive ransomware.”

Mandiant concluded its post by suggesting that the actors behind UNC2165 operations could take further steps to distance themselves from the Evil Corp name in the future.

“We expect these actors as well as others who are sanctioned in the future to take steps such as these to obscure their identities in order to ensure that it is not a limiting factor to receiving payments from victims.”


Some parts of this article are sourced from:
www.infosecurity-magazine.com
