Report | severity: High | 2020-06-25
Symantec discloses WastedLocker wave against 31 US organizations
published by Symantec (Broadcom)
Actor
Russian cybercrime syndicate publicly attributed by the U.S. Treasury OFAC in December 2019, which sanctioned founder Maksim Yakubets. Operators of the Dridex banking trojan, the BitPaymer and Wasted…
Summary
Symantec's Threat Hunter Team disclosed a wave of WastedLocker ransomware attacks attributed to Evil Corp targeting at least 31 US organizations, including eight Fortune 500 companies across manufacturing, IT and media. The intrusion chain began with the SocGholish JavaScript framework delivered through compromised legitimate websites, followed by Cobalt Strike for lateral movement and culminating in WastedLocker deployment.
Tags
ransomware, wastedlocker, socgholish, cobalt-strike
Primary source
security.com
Other Evil Corp events
- 2024-10-01: US, UK and Australia issue trilateral Evil Corp sanctions naming FSB enabler Benderskiy
- 2024-10-01: UK NCA unmasks Evil Corp's Aleksandr Ryzhenkov as a LockBit affiliate
- 2020-07-24: Garmin global outage attributed to Evil Corp WastedLocker ransomware
- 2019-12-05: US Treasury sanctions Evil Corp and designates Maksim Yakubets
- 2019-12-05: DOJ indicts Maksim Yakubets and Igor Turashev over Bugat/Dridex scheme