Ransomware, Threat Management
US sanctions prompt Evil Corp hacking operation changes
TechCrunch reports that Russian hacking gang Evil Corp has begun leveraging the LockBit ransomware in its attacks as it moved to a ransomware-as-a-service operation following sanctions imposed by the U.S. Treasury's Office of Foreign Assets Control in December 2019.
Mandiant researchers discovered that UNC2165, which has significant similarities with Evil Corp, including the use of Hades ransomware and several infrastructure overlaps, has been using the LockBit RaaS to conceal its operations with other Evil Corp affiliates as it sought to bypass U.S. sanctions.
"The adoption of existing ransomware is a natural evolution for UNC2165 to attempt to obscure their affiliation with Evil Corp. Its adoption could also temporarily afford the actors more time to develop completely new ransomware from scratch, limiting the ability of security researchers to easily tie it to previous Evil Corp operations," said researchers.
The findings come after an alleged attack by the dismantled REvil ransomware group against an Akamai customer, which security researchers have already dismissed as a copycat operation.