ESET informs: Current cybercrime campaign targets the Swiss FinTech industry. Evilnum Group wants to infiltrate and spy on companies.
Companies in Switzerland, but also in EU countries, should currently pay close attention to their incoming e-mails. The hacker group Evilnum is currently very active again and is targeting FinTech companies. With so-called spear phishing emails, i.e. very targeted attacks against selected targets, the recipients are to be induced to click on a link to a ZIP file and extract it. In addition to an invoice and identification documents, this also contains malware. At first glance, the documents contained look correct in order to avoid mistrust on the part of the recipient. With the operation, Evilnum wants to infiltrate and spy on the targeted companies and obtain sensitive information about the financial institutions and their customers.
Increased actions against FinTech companies
"We noticed increased activities by the Evilnum Group against FinTech companies in December and January," explains Matías Porolli, ESET researcher. “Evilnum is not an unknown group to us and has been active since at least 2018. FinTech companies use the know-your-customer procedure to verify the identity of their users. With their operation, the hacker group uses precisely this principle as access to the company network. We can currently see that the group has significantly improved its tools for this. "
How do the attacks work?
Evilnum's attack vector follows the pattern of approaching the target with spear phishing emails. The target groups in the company are mainly support and customer advisors. The messages contain a link to a ZIP file. Once extracted, malicious .LNK files result in supposedly legitimate ID documents for camouflage. In the background, the malicious program also contained therein infects the company networks. The malware then tries to collect sensitive information, including credit card information, address and ID information, and other information.
Who is the Evilnum Group?
ESET researchers have been monitoring and analyzing the Evilnum group since 2018. The hackers mainly attack FinTech companies with Advanced Persistent Threats (APT). ESET published a comprehensive analysis of Evilnum back in 2020. The group has a particular focus on destinations in EU countries, Great Britain and Switzerland. But there were also attacks in Australia and Canada.
Find out more on the ESET researchers' Twitter channel
About ESET ESET is a European company with headquarters in Bratislava (Slovakia). ESET has been developing award-winning security software since 1987 that has already helped over 100 million users enjoy secure technology. The broad portfolio of security products covers all common platforms and offers companies and consumers worldwide the perfect balance between performance and proactive protection. The company has a global sales network in over 180 countries and branches in Jena, San Diego, Singapore and Buenos Aires. For more information, visit www.eset.de or follow us on LinkedIn, Facebook and Twitter.