Evilnum hackers return in new operation targeting migration orgs
Security News, June 2022
The Evilnum hacking group is showing renewed signs of malicious activity, targeting European organizations that are involved in international migration.
Evilnum is an APT that has been active since at least 2018 and had its campaign and tools exposed only recently, in 2020.
The targeting and the timing coincided with the Russian invasion of Ukraine, with key migration organizations receiving malicious emails containing macro-laden documents.
The backdoor embeds the encoded string inside the Cookie header field, selecting one of the cookie type strings from its configuration.
The C2 may answer with a new encrypted payload. Additionally, the backdoor captures machine snapshots and sends them to the C2 via POST requests, exfiltrating stolen data in an encrypted form.
This report highlights that Evilnum is still an active threat, so defenders are advised to use the IoCs provided by Zscaler to protect their networks.