The hacker collective Evilnum is active again and is targeting financial institutions in Europe. This is what IT security researcher Matías Porolli announced on the Eset blog.
The aim of the group is to infiltrate and spy on fintech companies with spear phishing emails and thus to obtain sensitive information about the companies, their activities and customers.
According to Eset, such attacks are mostly aimed at support or customer care. Evilnum wants to gain access to spreadsheets and documents with customer data, international presentations, software licenses and credentials, cookies and session information as well as customer credit card information, according to an Eset study from June 2020.
With spear phishing emails, the group tried to get recipients to click a link to a ZIP file and extract it. In addition to a supposed invoice and what appear to be identity documents, these emails also contained malware. At first glance, the invoice and the supposed identity document look authentic. Eset warns that great caution is required.
Method already known
Eset researcher Porolli says that such activities by the advanced persistent threat group Evilnum against fintech companies had already been detected in December and January. According to Eset's research, the Evilnum collective has been active since 2018.
The know-your-customer process is widespread among fintech companies and serves to verify the identity of their users.
The hacking group exploited exactly this process to penetrate company networks. As Porolli explains, the group's tools are becoming increasingly sophisticated, and new types of malware components are being used.
Eset publishes the exact Indicators of Compromise (IOCs), which Evilnum uses to infiltrate fintech company networks, on Github.com. In the July 2020 study, Eset analyzed Evilnum’s operations.
The study provides details on how such attack attempts proceed and on the programs used for them. Particularly in light of the coronavirus pandemic, cybercriminal groups like Evilnum are more than ever a serious threat to assets, security and privacy.