
Microsoft Issues Excel Security Alert As $100 Million ‘Evil Corp’ Campaign Evolves

Most people consider Evil Corp to be a fictional corporation from the TV drama Mr. Robot. The truth is that Evil Corp is a very real thing - and they have taken to weaponizing Microsoft Excel and using it to spread malware. Researchers from Microsoft Security Intelligence have tweeted out warnings about Evil Corp's TA505 campaign. Evil Corp, like other successful operators in their “industry,” continues to evolve their tools, techniques, and methods in order to survive. The newest twist in the story involves using Microsoft Excel to spread malware.

What is Evil Corp?

Evil Corp - perhaps better known as TA505 - is a hacking group based out of Russia. They have been credited with being the people behind a $100 million global bank fraud campaign. Two people alleged to be members of Evil Corp were charged with bank fraud in December 2019, but they both remain at large. One of those men, Maksim Yakubets of Moscow, is believed to be the leader of the group and has a $5 million bounty on his head. The United States Department of the Treasury says that Yakubets is directly connected to the malicious cyber attacks by the Russian government. 

Evil Corp has been in operation since around 2014, and they have shown no signs of stopping - or even slowing down - their cybercriminal activities. They are primarily known for distributing ransomware and banking trojans. The latest research from cyber-intelligence firm Prevailion suggests that TA505 has compromised over 1,000 organizations. That list includes two U.S. state government networks, two airlines, and one of the top 25 banks in the world.

What Excel Alert have Security Intelligence Researchers Tweeted About?

The Microsoft Security Intelligence team sent out a tweetstorm on January 30 warning users of the latest Evil Corp campaign. They warned that the group had come back from a “short hiatus,” that its latest “Dudear” phishing campaign was up and running, and that it was deploying a tweaked version of the GraceWire trojan.


By using HTML redirectors, the campaign avoids placing a malicious link in the email itself. Opening the HTML attachment redirects the victim's browser so that the malicious Excel file, which carries the trojan payload, is downloaded directly. The victim would still have to open the Excel file, and would still need to enable editing and content for the scripts hidden in the workbook to run, however.

Is There a Way to Mitigate the Excel Threat?

Microsoft has proven itself to be more proactive than others when it comes to these kinds of things. When the Microsoft Digital Crimes Unit and Microsoft Threat Intelligence Center discovered a North Korean advanced persistent threat (APT) hacking group, they dealt it a robust legal rebuke and had its operation shut down.

When it comes to the Evil Corp campaign, the primary way to mitigate the damage is, as mentioned, not letting the Excel file do what it wants: don’t enable editing and don’t enable content. Microsoft Security Intelligence has confirmed that the latest version of Microsoft Threat Protection blocks the attack. Office 365 is also able to detect the malicious attachments contained in the emails. Finally, Microsoft Defender ATP can detect each stage of the Evil Corp threat: the malicious HTML, the Excel file, and the trojan payload.
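The delivery chain above (HTML redirector attachment, then a macro-carrying Excel workbook that only fires once editing and content are enabled) can also be checked before a user ever sees the prompt. The following Python script is an added example written for this article; it is not Microsoft's code, not a detection signature from the tweets, and not tied to the real Dudear files. It inspects an attachment by content: OOXML workbooks are zip containers, so the presence of a `vbaProject.bin` part or a macro-enabled content type reveals a VBA project without opening Excel; legacy OLE2 `.xls` files are flagged for review because confirming macros there needs an OLE parser; and small HTML attachments are scanned for the usual redirect mechanisms. The sample workbook and HTML strings are constructed in the script and contain no real macro or campaign URL.

```python
"""Defender-side triage of mail attachments for the two artefacts described
above: an HTML redirector and a macro-carrying Excel workbook.
Added example for this article; not Microsoft's or the campaign's code.
All sample inputs below are constructed placeholders."""
import io
import re
import zipfile
from typing import Dict, List

# Magic bytes of a legacy OLE2 compound file (.xls, .doc); VBA may live inside,
# but confirming that needs an OLE parser such as oletools, so we only flag it.
OLE2_MAGIC = b"\xd0\xcf\x11\xe0\xa1\xb1\x1a\xe1"
EXCEL_EXTS = (".xls", ".xlsx", ".xlsm", ".xlsb")

# Mechanisms that turn a tiny HTML attachment into a redirector.
REDIRECT_PATTERNS = [
    ("meta-refresh", re.compile(r'<meta[^>]+http-equiv\s*=\s*["\']?refresh', re.I)),
    ("js-location", re.compile(r'\b(?:window\.|document\.|self\.|top\.)?location(?:\.href)?\s*=(?!=)', re.I)),
    ("auto-submit", re.compile(r'\.submit\s*\(', re.I)),
]


def html_redirect_indicators(html: str) -> List[str]:
    """Return the names of redirect techniques present in an HTML attachment."""
    return [name for name, pattern in REDIRECT_PATTERNS if pattern.search(html)]


def excel_macro_indicators(data: bytes) -> Dict[str, bool]:
    """Look inside an OOXML workbook (xlsx/xlsm/xlsb are zip containers) for a
    VBA project part and for a macro-enabled main-part content type."""
    result = {"is_ooxml": False, "has_vba_project": False, "macro_content_type": False}
    try:
        zf = zipfile.ZipFile(io.BytesIO(data))
    except zipfile.BadZipFile:
        return result
    result["is_ooxml"] = True
    names = set(zf.namelist())
    result["has_vba_project"] = any(n.lower().endswith("vbaproject.bin") for n in names)
    if "[Content_Types].xml" in names:
        content_types = zf.read("[Content_Types].xml").decode("utf-8", "replace")
        result["macro_content_type"] = "macroenabled" in content_types.lower()
    return result


def triage_attachment(filename: str, data: bytes) -> str:
    """Classify an attachment as 'block', 'review' or 'ok' from its content;
    the file name is only a hint, never trusted on its own."""
    lower = filename.lower()
    if data[:8] == OLE2_MAGIC:
        return "review"  # legacy binary container: needs an OLE parser to confirm macros
    if data[:2] == b"PK":
        info = excel_macro_indicators(data)
        if not info["is_ooxml"]:
            return "review"  # zip-like but unreadable: do not pass it through silently
        return "block" if (info["has_vba_project"] or info["macro_content_type"]) else "ok"
    text = data.decode("utf-8", "replace")
    if "<html" in text.lower() or lower.endswith((".htm", ".html")):
        return "block" if html_redirect_indicators(text) else "ok"
    if lower.endswith(EXCEL_EXTS):
        return "review"  # claims to be a workbook but is neither container format
    return "ok"


def build_sample_workbook(with_macro: bool) -> bytes:
    """Construct a minimal OOXML container in memory (constructed sample; the
    'VBA project' is a placeholder byte string, not executable macro code)."""
    main_type = ("application/vnd.ms-excel.sheet.macroEnabled.main+xml" if with_macro
                 else "application/vnd.openxmlformats-officedocument.spreadsheetml.sheet.main+xml")
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("[Content_Types].xml",
                    '<?xml version="1.0"?><Types><Override PartName="/xl/workbook.xml" '
                    'ContentType="%s"/></Types>' % main_type)
        zf.writestr("xl/workbook.xml", "<workbook/>")
        if with_macro:
            zf.writestr("xl/vbaProject.bin", b"\x00placeholder-not-a-real-vba-project")
    return buf.getvalue()


# Constructed HTML samples: a redirector with a placeholder URL, and a benign page.
SAMPLE_HTML_REDIRECTOR = ('<html><head><meta http-equiv="refresh" '
                          'content="0;url=https://example.invalid/placeholder"></head>'
                          '<body>Loading...</body></html>')
SAMPLE_HTML_BENIGN = "<html><body><p>Quarterly summary attached.</p></body></html>"

if __name__ == "__main__":
    samples = [
        ("invoice.html", SAMPLE_HTML_REDIRECTOR.encode()),
        ("newsletter.html", SAMPLE_HTML_BENIGN.encode()),
        ("invoice.xlsm", build_sample_workbook(True)),
        ("report.xlsx", build_sample_workbook(False)),
        ("old-report.xls", OLE2_MAGIC + b"\x00" * 16),
    ]
    for name, blob in samples:
        print(f"{name:18} -> {triage_attachment(name, blob)}")
```

The workbook check is the cheap, reliable part: Excel writes macros only into the `vbaProject.bin` part, so its presence is a hard signal regardless of file extension. The HTML patterns are deliberately broad and will flag some legitimate pages, which is why a gateway rule like this should quarantine for review rather than delete outright.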

Reactionary Times News Desk

All breaking news stories that matter to America. The News Desk is covered by the sharpest eyes in news media, as they decipher fact from fiction.
