A Russian cybercriminal group known as Evil Corp is a "significant threat to the U.S. health sector," the Health Sector Cybersecurity Coordination Center warned Aug. 29.
"It is entirely plausible Evil Corp could be tasked with acquiring intellectual property from the U.S. health sector," using data exfiltration cyberattacks "at the behest of the Russian government," according to the alert.
Five things to know about the group:
- Evil Corp first emerged in 2009 and is behind the development and operations of some of the "most powerful malware and ransomware variants" used in the current threat landscape.
- The group has infected computers and harvested login credentials from hundreds of banks and financial institutions in more than 40 countries, stealing over $100 million.
- Evil Corp uses its relationships with other cybercriminal groups and the Russian government to gain access to other malware and ransomware variants, such as TrickBot, Emotet and Ryuk. These variants are known to prolifically target the healthcare sector.
- The group has repeatedly modified its tactics to evade U.S. government actions to thwart it.
- The HC3 alert warns that defense and mitigation recommendations are impractical so long as the group continues to customize its tactics.