In order to continue profiting from its illicit activities, the cybercriminal outfit is distancing itself from its earlier identity by shifting techniques and tools once more.
Researchers have discovered that Evil Corp has altered tactics again, this time focusing on the LockBit ransomware after US sanctions made it harder for the cybercriminal outfit to profit financially from its activities.
Mandiant Intelligence researchers have been investigating a “financially motivated threat cluster” they’re calling UNC2165, which has a lot of similarities to Evil Corp and is most likely the most recent version of the group. Researchers noted in a paper published Thursday that UNC2165 uses a mix of the FakeUpdates infection chain and the LockBit ransomware to obtain access to target networks.
Read More: https://threatpost.com/evil-corp-pivots-to-lockbit-to-dodge-u-s-sanctions/179858/