Cisco Hack Is Linked to Russian-Speaking Hackers from Evil Corp
Experts from eSentire established that the infrastructure used to hack Cisco in May 2022 was also used to compromise an unnamed HR solutions company a month earlier. Researchers believe that malicious actors associated with Evil Corp are behind these incidents. Let me remind you that we also said that Cisco Won’t Fix an RCE Vulnerability in…
Results for "Evil Corp"
Microsoft Links Raspberry Robin Worm to Evil Corp
Microsoft analysts have noticed that the access broker, which the company tracks as DEV-0206, is using the Raspberry Robin Windows worm to deploy the malware loader on networks where traces of malicious activity by Evil Corp are also detected. Let me remind you that we also wrote that The Austrian Company DSIRF Was Linked to…
Evil Corp Switched to Using LockBit Malware to Avoid Sanctions
The Evil Corp group switched to using the LockBit ransomware to avoid sanctions imposed earlier by the Office of Foreign Assets Control of the US Department of the Treasury (OFAC). Let me remind you that Evil Corp has existed since at least 2007, but at first hackers more often acted as partners for other groups.…
Evil Corp Ransomware Posing As PayloadBin Group To Avoid US Sanctions
Operators of the new PayloadBIN ransomware, linked to the cybercriminal group Evil Corp, are trying to avoid sanctions imposed by the Office of Foreign Assets Control of the US Treasury Department (OFAC). Members of Evil Corp (also known as Indrik Spider and Dridex) started out as partners with the ZeuS botnet operators. Over time, Evil Corp…
Evil Corp returns to criminal activity with WastedLocker ransomware
Fox-IT experts talked about the latest activity of the famous hacker group Evil Corp. According to analysts, the group came back to life in January of this year and conducted several malicious campaigns, and then completely resumed activity with new tools – such as the WastedLocker ransomware. Let me remind you that the Evil Corp…
US authorities arrest Kaseya hacker and attacker associated with REvil and GandCrab
Law enforcement agencies, as well as European and American authorities, have taken up the fight against ransomware in earnest and the other day they arrested a Kaseya hacker. However, over the past few days, several important events have taken place at once. Operation Cyclone, which was carried out by Interpol, the law enforcement agencies of…
FBI Kept Secret Key To Decrypt Data After REvil Attacks
Journalists at The Washington Post found out how the FBI obtained the key to decrypt data affected by attacks of the REvil ransomware. First, it is worth recalling the background of what is happening: last week Bitdefender published a universal utility for decrypting files affected by the attacks of the ransomware…
Added utility for decrypting data after REvil attacks
The Romanian company Bitdefender has published a universal utility for decrypting data affected by REvil (Sodinokibi) ransomware attacks. The tool works for any data encrypted before July 13, 2021. However, the company has so far refused to provide any details, citing an ongoing investigation. Let me remind you that on July 13 of this year…
REvil ransomware resumed attacks
Last week, the infrastructure of REvil (Sodinokibi) returned online after months of downtime, and now the ransomware has resumed attacks. The fact is that in July 2021, the hack group went offline without giving any reason. Then it was a question of shutting down an entire network of conventional and darknet sites that were used…
Servers of the hack group REvil are back online
In July 2021, the infrastructure of REvil (Sodinokibi) was turned off without explanation, but now information security specialists have noticed that the REvil servers are back online. This involved a whole network of conventional and darknet sites that were used to negotiate a ransom, leak data stolen from victims, as well as the…