Companies in Switzerland, but also in EU countries, should currently pay close attention to their incoming emails. The hacker group Evilnum is very active again and has targeted FinTech companies. Using so-called spear phishing emails, i.e. highly targeted attacks against selected recipients, it tries to induce the recipients to click on a link to a ZIP file and extract it.
In addition to an invoice and identification documents, the archive also contains malware. At first glance, the enclosed documents look genuine, so as not to arouse the recipient's suspicion. With this operation, Evilnum aims to infiltrate the targeted companies, spy on them, and obtain sensitive information about the financial institutions and their customers.
The ESET researchers have published their latest results on Twitter: https://twitter.com/ESETresearch
“We noticed increased activities by the Evilnum Group against FinTech companies in December and January,” explains Matías Porolli, ESET researcher. “Evilnum is not an unknown group to us and has been active since at least 2018. FinTech companies use the know-your-customer process to verify the identity of their users.
The hacker group uses precisely this principle with their operation as access to the company network. We are currently seeing that the group has significantly improved their tools for this.”
How do the attacks work?
The messages contain a link to a ZIP file. Once extracted, the archive presents malicious .LNK files disguised as supposedly legitimate ID documents for camouflage. In the background, the malware they carry infects the company network.
The malware then tries to collect sensitive information, including credit card data, address and ID details, and other information.
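A defender-side check for the lure described above, added here as an example and not code from the article or from ESET: it scans a ZIP attachment for members that are Windows shortcut (.LNK) files, recognised either by extension or by the Shell Link header signature, and reports which document extension each one is disguised with. The archive contents and the list of document extensions are constructed assumptions.

```python
import io
import zipfile

# Shell Link (.LNK) header: HeaderSize 0x4C little-endian, followed by the
# LinkCLSID 00021401-0000-0000-C000-000000000046 in on-disk byte order.
LNK_MAGIC = bytes.fromhex("4c000000" "0114020000000000c000000000000046")

# Document types an ID-document lure typically imitates (assumed list).
DOC_EXTS = (".pdf", ".jpeg", ".jpg", ".png", ".docx", ".doc")


def inspect_zip(data: bytes) -> list[dict]:
    """Return one finding per archive member that looks like an LNK lure."""
    findings = []
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        for info in zf.infolist():
            if info.is_dir():
                continue
            name = info.filename.lower()
            with zf.open(info) as member:
                head = member.read(len(LNK_MAGIC))
            is_lnk_content = head == LNK_MAGIC   # content check, name-independent
            has_lnk_ext = name.endswith(".lnk")   # e.g. "passport.jpg.lnk"
            # Document extension buried before ".lnk", or a plain document
            # name whose bytes are actually a shortcut.
            stem = name[:-4] if has_lnk_ext else name
            doc_ext = next((e for e in DOC_EXTS if stem.endswith(e)), None)
            if is_lnk_content or has_lnk_ext:
                findings.append({
                    "member": info.filename,
                    "lnk_extension": has_lnk_ext,
                    "lnk_content": is_lnk_content,
                    "disguised_as": doc_ext,
                })
    return findings


def build_sample_zip() -> bytes:
    """Constructed sample archive: one benign file and two LNK lures."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("invoice.pdf", b"%PDF-1.4 benign placeholder")
        zf.writestr("passport.jpg.lnk", LNK_MAGIC + b"\x00" * 60)
        zf.writestr("id_card.png", LNK_MAGIC + b"\x00" * 60)  # name/content mismatch
    return buf.getvalue()


if __name__ == "__main__":
    for finding in inspect_zip(build_sample_zip()):
        print(finding)
```

Checking the header bytes as well as the extension matters because a shortcut renamed to a plain document name would otherwise pass an extension-only filter.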
Who is Evilnum?
The group focuses in particular on targets in EU countries, Great Britain and Switzerland, but attacks in Australia and Canada have also been observed.