Security News > 2021 > May > Russian 'Evil Corp' Cybercriminals Possibly Evolved Into Cyberspies
The infamous cybercrime organization known as Evil Corp may be running cyberespionage operations on behalf of a Russian intelligence agency, security consulting company Truesec reports.
Evil Corp is allegedly run by Russian nationals Maksim Yakubets and Igor Turashev, who were charged by the United States in 2019.
New evidence that Truesec security researchers have uncovered validates the assumption of a close relation between the cyber-crime group and the Kremlin, and even suggests that Evil Corp might have evolved into a cyberespionage group that is using ransomware attacks to disguise its true intentions.
Analysis of a ransomware incident involving Evil Corp has revealed the use of tools, techniques and procedures previously associated with the sophisticated cyber-espionage group SilverFish, which was recently associated with the SolarWinds attack.
Network discovery started minutes later and the adversary "Achieved full infrastructure compromise within four hours from the initial breach." Common vulnerabilities were exploited as part of the attack, with manual operations started minutes after initial compromise, which is "Remarkable, considering that the attack vector was a drive-by attack," Truesec notes.
Truesec's researchers believe that Evil Corp's close ties with Russian intelligence might have resulted in the already sophisticated threat actor evolving from a financially motivated cybercrime organization into a cyberespionage group.