Russian Evil Corp changes tactics to avoid sanctions


Security researchers from Mandiant have discovered that the Russian hacking group Evil Corp has changed its tactics to evade sanctions imposed by the United States Treasury Department.

UNC2165, a hacking group cluster that includes those spreading LockBit and Conti ransomware, was being tracked by law enforcement as its financial crimes were brought under the scope of sanctions in 2019.

UNC2165 is Evil Corp, which changed its attack tactics in October last year by infecting banks and other financial organizations across 40 countries with Dridex malware.

The group was of the view that law enforcement might not detect its new infection tactics.

But Mandiant claims that it has enough evidence to prove that UNC2165 is a disguise for Evil Corp, which stole over $100 million in 2019-20 alone. The ransomware was earlier distributed as WastedLocker and has recently shifted to become Hades ransomware.

This means that there is only a change in name, and the rest, all the attribution, infection, and ransom demand tactics, are the same.

NOTE- Evil Corp is a cybercrime group that uses malicious software to steal currency from victims’ bank accounts. It is said to be linked to Moscow, Russia, and is struggling to evade sanctions as all the payments made to this group are being tracked by the FBI and NSA these days. Ransomware and its spread are being treated as a national threat, as file encryption has the potential to break a business permanently.


Naveen Goud is a writer at Cybersecurity Insiders covering topics such as Mergers & Acquisitions, Startups, Cyber Attacks, Cloud Security and Mobile Security.
