Written by Tonya Riley
Jun 2, 2022 | CYBERSCOOP
Hackers likely affiliated with the notorious Russian cybercrime group Evil Corp are using off-the-shelf ransomware to evade U.S. sanctions, researchers at security firm Mandiant have found.
The researchers’ observations, published Thursday, are just the latest example of how cybercriminals affiliated with Evil Corp have shifted tactics after U.S. sanctions in 2019 increased scrutiny over transactions with the group.
The group, which had already started pivoting from broader financial crimes to ransomware prior to 2019, has since been tied by multiple researchers to a number of different malware strains including WASTEDLOCKER and HADES ransomware.
But as those strains became synonymous with Evil Corp, the group's affiliates have had to adjust. For instance, after an October 2020 Treasury Department advisory tying WASTEDLOCKER to the group, researchers noticed a drop in activity using the malware. Researchers at Emsisoft even observed Evil Corp affiliates masquerading last year as another notorious group, REvil, to evade sanctions.
Treasury sanctioned Evil Corp in 2019 for its development and distribution of Dridex, a malware used to infiltrate hundreds of financial institutions in more than 40 countries, leading to millions of dollars in damages.
Now, affiliates whom researchers