{
	"id": "e4c1b427-fe94-42cf-ab23-995682450daa",
	"created_at": "2026-04-06T00:22:38.93694Z",
	"updated_at": "2026-04-10T03:33:15.570092Z",
	"deleted_at": null,
	"sha1_hash": "d4c60e903335e8b79de8f18a3c8d9ee0d5a73ddb",
	"title": "Russian hacker group Evil Corp targets US workers at home",
	"llm_title": "",
	"authors": "",
	"file_creation_date": "0001-01-01T00:00:00Z",
	"file_modification_date": "0001-01-01T00:00:00Z",
	"file_size": 32044,
	"plain_text": "Russian hacker group Evil Corp targets US workers at home\r\nBy BBC News\r\nPublished: 2020-06-26 · Archived: 2026-04-05 16:39:58 UTC\r\nThe US presidential election is also just months away, and federal and local officials have been working to put\r\nmeasures in place to protect voter records as well as manage safe voting practices amid the pandemic.\r\nWhat do we know about the attack?\r\nSymantec Corporation, a firm that monitors corporate and government networks, released a notice warning of the\r\nthreat it identified on Thursday night.\r\nThe attacks used what Symantec described as a relatively new type of ransomware called WastedLocker, which\r\nhas been attributed to Evil Corp. Ransomware is a kind of computer virus that threatens to delete files unless a ransom\r\nis paid. The WastedLocker ransomware virus demands ransoms of $500,000 to $1m to unlock computer files it\r\nseizes.\r\nSymantec said the \"vast majority of targets are major corporations, including many household names\", and eight\r\ntargets were Fortune 500 companies. All are US-owned but one, which is a US-based subsidiary.\r\nMost targeted companies were in the manufacturing, information technology and media sectors.\r\nTechnology explained: what is ransomware?\r\nSymantec said the hackers had breached the networks of these companies and were \"laying the groundwork\" for\r\nfuture ransomware attacks that would let them block access to data and demand millions of dollars.\r\nSource: https://www.bbc.com/news/world-us-canada-53195749\r\nhttps://www.bbc.com/news/world-us-canada-53195749\r\nPage 1 of 1",
	"extraction_quality": 1,
	"language": "EN",
	"sources": [
		"MISPGALAXY",
		"Malpedia"
	],
	"references": [
		"https://www.bbc.com/news/world-us-canada-53195749"
	],
	"report_names": [
		"world-us-canada-53195749"
	],
	"threat_actors": [
		{
			"id": "aa73cd6a-868c-4ae4-a5b2-7cb2c5ad1e9d",
			"created_at": "2022-10-25T16:07:24.139848Z",
			"updated_at": "2026-04-10T02:00:04.878798Z",
			"deleted_at": null,
			"main_name": "Safe",
			"aliases": [],
			"source_name": "ETDA:Safe",
			"tools": [
				"DebugView",
				"LZ77",
				"OpenDoc",
				"SafeDisk",
				"TypeConfig",
				"UPXShell",
				"UsbDoc",
				"UsbExe"
			],
			"source_id": "ETDA",
			"reports": null
		},
		{
			"id": "50068c14-343c-4491-b568-df41dd59551c",
			"created_at": "2022-10-25T15:50:23.253218Z",
			"updated_at": "2026-04-10T02:00:05.234464Z",
			"deleted_at": null,
			"main_name": "Indrik Spider",
			"aliases": [
				"Indrik Spider",
				"Evil Corp",
				"Manatee Tempest",
				"DEV-0243",
				"UNC2165"
			],
			"source_name": "MITRE:Indrik Spider",
			"tools": [
				"Mimikatz",
				"PsExec",
				"Dridex",
				"WastedLocker",
				"BitPaymer",
				"Cobalt Strike"
			],
			"source_id": "MITRE",
			"reports": null
		},
		{
			"id": "b296f34c-c424-41da-98bf-90312a5df8ef",
			"created_at": "2024-06-19T02:03:08.027585Z",
			"updated_at": "2026-04-10T02:00:03.621193Z",
			"deleted_at": null,
			"main_name": "GOLD DRAKE",
			"aliases": [
				"Evil Corp",
				"Indrik Spider ",
				"Manatee Tempest "
			],
			"source_name": "Secureworks:GOLD DRAKE",
			"tools": [
				"BitPaymer",
				"Cobalt Strike",
				"Covenant",
				"Donut",
				"Dridex",
				"Hades",
				"Koadic",
				"LockBit",
				"Macaw Locker",
				"Mimikatz",
				"Payload.Bin",
				"Phoenix CryptoLocker",
				"PowerShell Empire",
				"PowerSploit",
				"SocGholish",
				"WastedLocker"
			],
			"source_id": "Secureworks",
			"reports": null
		},
		{
			"id": "9806f226-935f-48eb-b138-6616c9bb9d69",
			"created_at": "2022-10-25T16:07:23.73153Z",
			"updated_at": "2026-04-10T02:00:04.729977Z",
			"deleted_at": null,
			"main_name": "Indrik Spider",
			"aliases": [
				"Blue Lelantos",
				"DEV-0243",
				"Evil Corp",
				"G0119",
				"Gold Drake",
				"Gold Winter",
				"Manatee Tempest",
				"Mustard Tempest",
				"UNC2165"
			],
			"source_name": "ETDA:Indrik Spider",
			"tools": [
				"Advanced Port Scanner",
				"Agentemis",
				"Babuk",
				"Babuk Locker",
				"Babyk",
				"BitPaymer",
				"Bugat",
				"Bugat v5",
				"Cobalt Strike",
				"CobaltStrike",
				"Cridex",
				"Dridex",
				"EmPyre",
				"EmpireProject",
				"FAKEUPDATES",
				"FakeUpdate",
				"Feodo",
				"FriedEx",
				"Hades",
				"IEncrypt",
				"LINK_MSIEXEC",
				"MEGAsync",
				"Macaw Locker",
				"Metasploit",
				"Mimikatz",
				"PayloadBIN",
				"Phoenix Locker",
				"PowerShell Empire",
				"PowerSploit",
				"PsExec",
				"QNAP-Worm",
				"Raspberry Robin",
				"RaspberryRobin",
				"SocGholish",
				"Vasa Locker",
				"WastedLoader",
				"WastedLocker",
				"cobeacon",
				"wp_encrypt"
			],
			"source_id": "ETDA",
			"reports": null
		},
		{
			"id": "6c4f98b3-fe14-42d6-beaa-866395455e52",
			"created_at": "2023-01-06T13:46:39.169554Z",
			"updated_at": "2026-04-10T02:00:03.23458Z",
			"deleted_at": null,
			"main_name": "Evil Corp",
			"aliases": [
				"GOLD DRAKE"
			],
			"source_name": "MISPGALAXY:Evil Corp",
			"tools": [],
			"source_id": "MISPGALAXY",
			"reports": null
		}
	],
	"ts_created_at": 1775434958,
	"ts_updated_at": 1775791995,
	"ts_creation_date": 0,
	"ts_modification_date": 0,
	"files": {
		"pdf": "https://archive.orkl.eu/d4c60e903335e8b79de8f18a3c8d9ee0d5a73ddb.pdf",
		"text": "https://archive.orkl.eu/d4c60e903335e8b79de8f18a3c8d9ee0d5a73ddb.txt",
		"img": "https://archive.orkl.eu/d4c60e903335e8b79de8f18a3c8d9ee0d5a73ddb.jpg"
	}
}