Current cybercrime campaign targets the Swiss FinTech industry

Companies in Switzerland, but also in EU countries, should currently pay close attention to their incoming emails.  The  hacker group Evilnum is currently very active again and has targeted FinTech companies. With so-called spear phishing emails, i.e. very targeted attacks against selected targets, the recipients are to be induced to click on a link to a ZIP file and extract it.

Image by vicky gharat from Pixabay

In addition to an invoice and identification documents, this also contains malware. At first glance, the documents contained look correct in order to avoid suspicion on the part of the recipient. With the operation, Evilnum wants to infiltrate the targeted companies, spy on them and obtain sensitive information about the financial institutions and their customers.

 The  ESET researchers have published their latest results on Twitter: https://twitter.com/ESETresearch

“We noticed increased activities by the Evilnum Group against FinTech companies in December and January,” explains Matías Porolli, ESET researcher. “Evilnum is not an unknown group to us and has been active since at least 2018. FinTech companies use the know-your-customer process to verify the identity of their users.

 The  hacker group uses precisely this principle with their operation as access to the company network . We are currently seeing that the group has significantly improved their tools for this. “

How do the attacks work?

Evilnum’s attack vector follows the pattern of approaching the target with spear phishing emails.

 The  target groups in the company are mainly support and customer advisors.

 The  messages contain a link to a ZIP file. Once extracted, malicious .LNK files result in supposedly legitimate ID documents for camouflage. In the background, the malware also contained therein infects the company networks.

 The  malware then tries to collect sensitive information, including credit card information, address and ID information, and other information.

Who is Evilnum?

ESET researchers have been observing and analyzing the Evilnum group since 2018.

 The  hackers mainly attack FinTech companies with Advanced Persistent Threats (APT). ESET published a comprehensive analysis of Evilnum back in 2020.

 The  group has a particular focus on destinations in EU countries, Great Britain and Switzerland. But there were also attacks in Australia and Canada.