Evilnum Cyberspies Update Arsenal in Recent Attacks (Security News, September 2020)
The threat group tracked as Evilnum was observed using updated tactics and tools in recent attacks, Cybereason's Nocturnus research team reported last week.
Initially detailed in 2018, Evilnum appears to have been active for nearly a decade, offering 'mercenary' hack-for-hire services, a recent report from Kaspersky revealed.
Focused on espionage, Evilnum recently switched from delivering ZIP archives containing multiple LNK files to including a single LNK in the archive, which masquerades as a PDF, Cybereason reveals.
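As an added defender-side illustration (not code from this article or from the Cybereason report), the following Python check flags an archive whose only file is a Windows shortcut whose name advertises a PDF. It keys on the shortcut's fixed header rather than the extension, since Windows always hides ".lnk" from the user; the sample archive and its contents are constructed in memory.

```python
import io
import zipfile

# ShellLinkHeader: HeaderSize 0x4C followed by the fixed LinkCLSID
# 00021401-0000-0000-C000-000000000046 (little-endian), per MS-SHLLINK.
LNK_MAGIC = b"\x4c\x00\x00\x00" + bytes.fromhex("0114020000000000c000000000000046")

def looks_like_lnk(data: bytes) -> bool:
    """Content check: does this blob start with a Windows shortcut header?"""
    return data[:len(LNK_MAGIC)] == LNK_MAGIC

def masquerading_shortcuts(zip_bytes: bytes) -> list[str]:
    """Names of archive entries that are shortcuts dressed up as PDFs.

    Windows hides the .lnk extension regardless of folder settings, so
    'Invoice.pdf.lnk' is shown as 'Invoice.pdf'. An entry is flagged when its
    content is a shortcut and its name mentions .pdf anywhere.
    """
    flagged = []
    with zipfile.ZipFile(io.BytesIO(zip_bytes)) as zf:
        for info in zf.infolist():
            if info.is_dir():
                continue
            head = zf.open(info).read(len(LNK_MAGIC))
            if looks_like_lnk(head) and ".pdf" in info.filename.lower():
                flagged.append(info.filename)
    return flagged

def is_single_shortcut_lure(zip_bytes: bytes) -> bool:
    """True for an archive whose only file is a shortcut posing as a PDF."""
    with zipfile.ZipFile(io.BytesIO(zip_bytes)) as zf:
        files = [i for i in zf.infolist() if not i.is_dir()]
    return len(files) == 1 and len(masquerading_shortcuts(zip_bytes)) == 1

def build_sample_zip(entries: dict[str, bytes]) -> bytes:
    """Constructed in-memory archive for the demo; not a real sample."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        for name, data in entries.items():
            zf.writestr(name, data)
    return buf.getvalue()

if __name__ == "__main__":
    # Constructed inputs: a fake shortcut header padded out, and a benign
    # archive holding a PDF-looking file plus a text note.
    fake_lnk = LNK_MAGIC + b"\x00" * 56
    lure = build_sample_zip({"Invoice_2020.pdf.lnk": fake_lnk})
    benign = build_sample_zip({"Invoice_2020.pdf": b"%PDF-1.4\n", "notes.txt": b"hi"})
    print(is_single_shortcut_lure(lure))    # True
    print(is_single_shortcut_lure(benign))  # False
```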
Evilnum has consistently targeted European fintech companies over the past couple of years while evolving its tactics, techniques and procedures to keep its attacks effective, so the recent changes are not surprising.
"In recent weeks we observed a significant change in the infection procedure of the group, moving away from the JavaScript backdoor capabilities, instead utilizing it as a first stage dropper for new tools down the line. During the infection stage, Evilnum utilized modified versions of legitimate executables in an attempt to stay stealthy and remain undetected by security tools. [...] This innovation in tactics and tools is what allowed the group to stay under the radar, and we expect to see more in the future as the Evilnum group's arsenal continues to grow," the Nocturnus researchers conclude.