A Russia-based hacking group is exploiting the current Covid-19 pandemic to target and compromise U.S. companies with multiple strains of malware, according to a new report.
Cybersecurity firm Symantec released a warning that the Russian hacking group “Evil Corp” has been behind a widespread hacking campaign against over thirty U.S. organizations, including eight Fortune 500 companies. The group has been using a sophisticated chain of attacks to deploy ransomware into corporate networks, starting with targeting employees who are working remotely and deploying malware via compromised websites.
“The attacks begin with a malicious JavaScript-based framework known as SocGholish, tracked to more than 150 compromised websites, which masquerades as a software update. Once the attackers gain access to the victim’s network, they use Cobalt Strike commodity malware in tandem with a number of living-off-the-land tools to steal credentials, escalate privileges, and move across the network in order to deploy the WastedLocker ransomware on multiple computers,” stated the Symantec report.
Evil Corp is thought to be responsible for an array of malware, including the Dridex banking Trojan and BitPaymer ransomware, both of which are estimated to have cost their victims tens of millions of dollars.
“The attackers behind this threat appear to be skilled and experienced, capable of penetrating some of the most well protected corporations, stealing credentials, and moving with ease across their networks. As such, WastedLocker is a highly dangerous piece of ransomware,” Symantec concluded.
