The APT group Evilnum, also known as Jointworm, has been seen targeting the financial sector with malicious emails. First seen in 2018 and motivated by information theft and espionage, the group has been active recently, attempting to steal users' credentials and gain sensitive information for its own benefit. Evilnum has mostly targeted the FinTech (financial services) sector, particularly organizations in the UK and Europe that deal with trading and compliance. However, in March 2022, the group targeted intergovernmental organizations that offer assistance related to international migration.
According to researchers, the APT group registered several domain names using particular keywords relating to the industry vertical targeted in each new instance of the campaign.
The Evilnum APT group's latest ongoing campaign, ‘Operation DarkCasino’, affects multiple European countries and has delivered new components: DarkMe and PikoloRAT.