{"id":35993,"date":"2020-07-09T15:44:16","date_gmt":"2020-07-09T15:44:16","guid":{"rendered":"https:\/\/packetstormsecurity.com\/news\/view\/31374\/Evilnum-Hacking-Group-Linked-To-Attacks-Against-Fintech-Firms.html"},"modified":"2020-07-09T15:44:16","modified_gmt":"2020-07-09T15:44:16","slug":"evilnum-hacking-group-linked-to-attacks-against-fintech-firms","status":"publish","type":"post","link":"https:\/\/www.threatshub.org\/blog\/evilnum-hacking-group-linked-to-attacks-against-fintech-firms\/","title":{"rendered":"Evilnum Hacking Group Linked To Attacks Against Fintech Firms"},"content":{"rendered":"<div><img decoding=\"async\" src=\"https:\/\/zdnet3.cbsistatic.com\/hub\/i\/r\/2020\/07\/08\/d668372a-b190-4611-a09b-13bb2d920c05\/thumbnail\/770x578\/dcf736770a297f3b2baa714b2f67bc6e\/screenshot-2020-07-08-at-11-55-50.png\" class=\"ff-og-image-inserted\"><\/div>\n<p>Evilnum has been detected in the wild since 2018 with links made between the advanced persistent threat (APT) group and attacks against financial technology firms.&nbsp;<\/p>\n<p>Beyond the group&#8217;s taste for Fintech targets, however, little has been explored in terms of the group&#8217;s tools, techniques, or potential ties to other cyberattackers.&nbsp;<\/p>\n<p>Researchers from ESET have been investigating the APT for some time, and on Thursday, published <a href=\"https:\/\/www.welivesecurity.com\/2020\/07\/09\/more-evil-deep-look-evilnum-toolset\/\" target=\"_blank\" rel=\"noopener noreferrer nofollow\" data-component=\"externalLink\">an analysis<\/a> of the threat group.&nbsp; <\/p>\n<p>According to the team, Evilnum has focused on targets located in Europe and the United Kingdom, although some victims are also located in Australia and Canada.&nbsp; <\/p>\n<p>As with many cyberattackers that specialize in financial targets, the aim is to infiltrate corporate networks, grab access credentials, and steal valuable financial information that can then either be used for fraudulent purchases or sold on in bulk to other criminals.&nbsp; <\/p>\n<p><strong>See also:&nbsp;<\/strong><a href=\"https:\/\/www.zdnet.com\/article\/promethium-apt-attacks-surge-government-sponsorship-suspected\/\" target=\"_blank\" rel=\"noopener noreferrer\">Promethium APT attacks surge, new Trojanized installers uncovered<\/a> <\/p>\n<p>Evilnum&#8217;s preliminary attack vector is a common one: approach the target with spearphishing emails. While standard phishing emails are often used in &#8216;spray and pray&#8217; tactics, these messages will utilize social engineering and will contain information that makes the emails appear to be genuine to technical support representatives and account managers.&nbsp; <\/p>\n<section class=\"sharethrough-top\" data-component=\"medusaContentRecommendation\" data-medusa-content-recommendation-options=\"{&quot;promo&quot;:&quot;promo_zd_recommendation_sharethrough_top_in_article_desktop&quot;,&quot;spot&quot;:&quot;dfp-in-article&quot;}\"> <\/section>\n<p>The emails contain a link to a .zip file hosted on Google Drive. Once extracted, malicious .LNK files will lead to decoy documents that appear to be files relating to Know Your Customer (KYC) data, such as copies of driving licenses or bills with proof of address.&nbsp; <\/p>\n<p>However, these documents will then execute a range of malicious components to compromise corporate networks.&nbsp; <\/p>\n<p>Evilnum&#8217;s toolset <a href=\"https:\/\/blog.prevailion.com\/2020\/05\/phantom-in-command-shell5.html\" target=\"_blank\" rel=\"noopener noreferrer nofollow\" data-component=\"externalLink\">has evolved<\/a> in recent years and now includes custom malware &#8212; including the Evilnum malware family &#8212; as well as hacking tools purchased from <a href=\"https:\/\/medium.com\/@quoscient\/golden-chickens-uncovering-a-malware-as-a-service-maas-provider-and-two-new-threat-actors-using-61cf0cb87648\" target=\"_blank\" rel=\"noopener noreferrer nofollow\" data-component=\"externalLink\">Golden Chickens<\/a>, a group ESET says is a Malware-as-a-Service (MaaS) provider which also counts FIN6 and Cobalt Group among its clientele.&nbsp; <\/p>\n<p><strong>CNET:&nbsp;<\/strong><a href=\"https:\/\/www.cnet.com\/news\/best-home-security-cameras-of-2020-arlo-pro-3-wyze-cam-arlo-video-doorbell\/?ftag=CMG-01-10aaa1b\" target=\"_blank\" rel=\"noopener noreferrer\" data-component=\"externalLink\">Best home security cameras of 2020<\/a> <\/p>\n<p>These <a href=\"https:\/\/www.ptsecurity.com\/ww-en\/analytics\/pt-esc-threat-intelligence\/cobalt_upd_ttps\/\" target=\"_blank\" rel=\"noopener noreferrer nofollow\" data-component=\"externalLink\">tools include<\/a> ActiveX components (OCX files) containing TerraLoader, a dropper for other malware made available to Golden Chickens customers, such as the More_eggs backdoor, a DLL search order hijacking suite, and a sophisticated remote access program.&nbsp; <\/p>\n<p>&#8220;We believe that FIN6, Cobalt Group, and Evilnum group are not the same, despite the overlaps in their toolsets. They just happen to share the same MaaS provider,&#8221; ESET noted. <\/p>\n<p>If a victim opens a decoy document, the Evilnum malware, Python-based tools, or Golden Chickens components will launch. Each tool has a link to a separate command-and-control (C2) server and operates independently, whether for information theft, persistence, the deployment of additional malware, or other malicious functions.&nbsp; <\/p>\n<p>The main Evilnum payload focuses on theft, including any account credentials saved in the Google Chrome browser as well as cookies, and will scour infected systems for credit card information, ID documents, customer lists, investments and trading documents, software licenses, and VPN configurations.&nbsp; <\/p>\n<p><strong>TechRepublic:&nbsp;<\/strong><a href=\"https:\/\/www.techrepublic.com\/article\/bitdefender-unveils-human-risk-analytics-to-protect-against-human-error\/?ftag=CMG-01-10aaa1b\" target=\"_blank\" rel=\"noopener noreferrer\" data-component=\"externalLink\">Bitdefender unveils Human Risk Analytics to protect against human error<\/a> <\/p>\n<p>The researchers have connected the group to a variety of Fintech-based attacks, but do not believe this is enough to link them to any other APT at present.&nbsp; <\/p>\n<p>&#8220;The targets are very specific and not numerous,&#8221; ESET says. &#8220;This, and the group&#8217;s use of legitimate tools in its attack chain, have kept its activities largely under the radar. We were able to join the dots and discover how the group operates, uncovering some overlaps with other known APT groups. We think this and other groups share the same MaaS provider, and the Evilnum group cannot yet be associated with any previous attacks by any other APT group.&#8221; <\/p>\n<h3> Previous and related coverage <\/h3>\n<hr>\n<p><strong>Have a tip?<\/strong> Get in touch securely via WhatsApp | Signal at +447713 025 499, or over at Keybase: charlie0<\/p>\n<hr>\n<p>READ MORE <a href=\"https:\/\/packetstormsecurity.com\/news\/view\/31374\/Evilnum-Hacking-Group-Linked-To-Attacks-Against-Fintech-Firms.html\">HERE<\/a><\/p>\n","protected":false},"excerpt":{"rendered":"<p>READ MORE HERE&#8230;<\/p>\n","protected":false},"author":2,"featured_media":35994,"comment_status":"closed","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"colormag_page_layout":"default_layout","footnotes":""},"categories":[60],"tags":[5820],"class_list":["post-35993","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-packet-storm","tag-headlinehackerbankcybercrimefraud"],"yoast_head":"<!-- This site is optimized with the Yoast SEO plugin v27.8 - https:\/\/yoast.com\/product\/yoast-seo-wordpress\/ -->\n<title>Evilnum Hacking Group Linked To Attacks Against Fintech Firms 2026 | ThreatsHub Cybersecurity News<\/title>\n<meta name=\"description\" content=\"ThreatsHub Cybersecurity News | ThreatsHub.org | Cloud Security &amp; Cyber Threats Analysis Hub. 100% Free OSINT Threat Intelligent and Cybersecurity News.\" \/>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/www.threatshub.org\/blog\/evilnum-hacking-group-linked-to-attacks-against-fintech-firms\/\" \/>\n<meta property=\"og:locale\" content=\"en_US\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"Evilnum Hacking Group Linked To Attacks Against Fintech Firms 2026 | ThreatsHub Cybersecurity News\" \/>\n<meta property=\"og:description\" content=\"ThreatsHub Cybersecurity News | ThreatsHub.org | Cloud Security &amp; Cyber Threats Analysis Hub. 100% Free OSINT Threat Intelligent and Cybersecurity News.\" \/>\n<meta property=\"og:url\" content=\"https:\/\/www.threatshub.org\/blog\/evilnum-hacking-group-linked-to-attacks-against-fintech-firms\/\" \/>\n<meta property=\"og:site_name\" content=\"ThreatsHub Cybersecurity News\" \/>\n<meta property=\"article:published_time\" content=\"2020-07-09T15:44:16+00:00\" \/>\n<meta property=\"og:image\" content=\"https:\/\/www.threatshub.org\/blog\/coredata\/uploads\/2020\/07\/evilnum-hacking-group-linked-to-attacks-against-fintech-firms.png\" \/>\n\t<meta property=\"og:image:width\" content=\"770\" \/>\n\t<meta property=\"og:image:height\" content=\"578\" \/>\n\t<meta property=\"og:image:type\" content=\"image\/png\" \/>\n<meta name=\"author\" content=\"TH Author\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:creator\" content=\"@threatshub\" \/>\n<meta name=\"twitter:site\" content=\"@threatshub\" \/>\n<meta name=\"twitter:label1\" content=\"Written by\" \/>\n\t<meta name=\"twitter:data1\" content=\"TH Author\" \/>\n\t<meta name=\"twitter:label2\" content=\"Est. reading time\" \/>\n\t<meta name=\"twitter:data2\" content=\"3 minutes\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\\\/\\\/schema.org\",\"@graph\":[{\"@type\":\"Article\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/evilnum-hacking-group-linked-to-attacks-against-fintech-firms\\\/#article\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/evilnum-hacking-group-linked-to-attacks-against-fintech-firms\\\/\"},\"author\":{\"name\":\"TH Author\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#\\\/schema\\\/person\\\/12e0a8671ff89a863584f193e7062476\"},\"headline\":\"Evilnum Hacking Group Linked To Attacks Against Fintech Firms\",\"datePublished\":\"2020-07-09T15:44:16+00:00\",\"mainEntityOfPage\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/evilnum-hacking-group-linked-to-attacks-against-fintech-firms\\\/\"},\"wordCount\":641,\"publisher\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#organization\"},\"image\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/evilnum-hacking-group-linked-to-attacks-against-fintech-firms\\\/#primaryimage\"},\"thumbnailUrl\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/wp-content\\\/uploads\\\/2020\\\/07\\\/evilnum-hacking-group-linked-to-attacks-against-fintech-firms.png\",\"keywords\":[\"headline,hacker,bank,cybercrime,fraud\"],\"articleSection\":[\"Packet Storm\"],\"inLanguage\":\"en-US\"},{\"@type\":\"WebPage\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/evilnum-hacking-group-linked-to-attacks-against-fintech-firms\\\/\",\"url\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/evilnum-hacking-group-linked-to-attacks-against-fintech-firms\\\/\",\"name\":\"Evilnum Hacking Group Linked To Attacks Against Fintech Firms 2026 | ThreatsHub Cybersecurity News\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#website\"},\"primaryImageOfPage\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/evilnum-hacking-group-linked-to-attacks-against-fintech-firms\\\/#primaryimage\"},\"image\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/evilnum-hacking-group-linked-to-attacks-against-fintech-firms\\\/#primaryimage\"},\"thumbnailUrl\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/wp-content\\\/uploads\\\/2020\\\/07\\\/evilnum-hacking-group-linked-to-attacks-against-fintech-firms.png\",\"datePublished\":\"2020-07-09T15:44:16+00:00\",\"description\":\"ThreatsHub Cybersecurity News | ThreatsHub.org | Cloud Security & Cyber Threats Analysis Hub. 100% Free OSINT Threat Intelligent and Cybersecurity News.\",\"breadcrumb\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/evilnum-hacking-group-linked-to-attacks-against-fintech-firms\\\/#breadcrumb\"},\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/evilnum-hacking-group-linked-to-attacks-against-fintech-firms\\\/\"]}]},{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/evilnum-hacking-group-linked-to-attacks-against-fintech-firms\\\/#primaryimage\",\"url\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/wp-content\\\/uploads\\\/2020\\\/07\\\/evilnum-hacking-group-linked-to-attacks-against-fintech-firms.png\",\"contentUrl\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/wp-content\\\/uploads\\\/2020\\\/07\\\/evilnum-hacking-group-linked-to-attacks-against-fintech-firms.png\",\"width\":770,\"height\":578},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/evilnum-hacking-group-linked-to-attacks-against-fintech-firms\\\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Home\",\"item\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"headline,hacker,bank,cybercrime,fraud\",\"item\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/tag\\\/headlinehackerbankcybercrimefraud\\\/\"},{\"@type\":\"ListItem\",\"position\":3,\"name\":\"Evilnum Hacking Group Linked To Attacks Against Fintech Firms\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#website\",\"url\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/\",\"name\":\"ThreatsHub Cybersecurity News\",\"description\":\"%%focuskw%% Threat Intel \u2013 Threat Intel Services \u2013 CyberIntelligence \u2013 Cyber Threat Intelligence - Threat Intelligence Feeds - Threat Intelligence Reports - CyberSecurity Report \u2013 Cyber Security PDF \u2013 Cybersecurity Trends - Cloud Sandbox \u2013- Threat IntelligencePortal \u2013 Incident Response \u2013 Threat Hunting \u2013 IOC - Yara - Security Operations Center \u2013 SecurityOperation Center \u2013 Security SOC \u2013 SOC Services - Advanced Threat - Threat Detection - TargetedAttack \u2013 APT \u2013 Anti-APT \u2013 Advanced Protection \u2013 Cyber Security Services \u2013 Cybersecurity Services -Threat Intelligence Platform\",\"publisher\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#organization\"},\"alternateName\":\"Threatshub.org\",\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/?s={search_term_string}\"},\"query-input\":{\"@type\":\"PropertyValueSpecification\",\"valueRequired\":true,\"valueName\":\"search_term_string\"}}],\"inLanguage\":\"en-US\"},{\"@type\":\"Organization\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#organization\",\"name\":\"ThreatsHub.org\",\"alternateName\":\"Threatshub.org\",\"url\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/\",\"logo\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#\\\/schema\\\/logo\\\/image\\\/\",\"url\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/wp-content\\\/uploads\\\/2025\\\/05\\\/Threatshub_Favicon1.jpg\",\"contentUrl\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/wp-content\\\/uploads\\\/2025\\\/05\\\/Threatshub_Favicon1.jpg\",\"width\":432,\"height\":435,\"caption\":\"ThreatsHub.org\"},\"image\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#\\\/schema\\\/logo\\\/image\\\/\"},\"sameAs\":[\"https:\\\/\\\/x.com\\\/threatshub\"]},{\"@type\":\"Person\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#\\\/schema\\\/person\\\/12e0a8671ff89a863584f193e7062476\",\"name\":\"TH Author\",\"image\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/066276f086d5155df79c850206a779ad368418a844da0182ce43f9cd5b506c3d?s=96&d=mm&r=g\",\"url\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/066276f086d5155df79c850206a779ad368418a844da0182ce43f9cd5b506c3d?s=96&d=mm&r=g\",\"contentUrl\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/066276f086d5155df79c850206a779ad368418a844da0182ce43f9cd5b506c3d?s=96&d=mm&r=g\",\"caption\":\"TH Author\"}}]}<\/script>\n<!-- \/ Yoast SEO plugin. -->","yoast_head_json":{"title":"Evilnum Hacking Group Linked To Attacks Against Fintech Firms 2026 | ThreatsHub Cybersecurity News","description":"ThreatsHub Cybersecurity News | ThreatsHub.org | Cloud Security & Cyber Threats Analysis Hub. 100% Free OSINT Threat Intelligent and Cybersecurity News.","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/www.threatshub.org\/blog\/evilnum-hacking-group-linked-to-attacks-against-fintech-firms\/","og_locale":"en_US","og_type":"article","og_title":"Evilnum Hacking Group Linked To Attacks Against Fintech Firms 2026 | ThreatsHub Cybersecurity News","og_description":"ThreatsHub Cybersecurity News | ThreatsHub.org | Cloud Security & Cyber Threats Analysis Hub. 100% Free OSINT Threat Intelligent and Cybersecurity News.","og_url":"https:\/\/www.threatshub.org\/blog\/evilnum-hacking-group-linked-to-attacks-against-fintech-firms\/","og_site_name":"ThreatsHub Cybersecurity News","article_published_time":"2020-07-09T15:44:16+00:00","og_image":[{"width":770,"height":578,"url":"https:\/\/www.threatshub.org\/blog\/coredata\/uploads\/2020\/07\/evilnum-hacking-group-linked-to-attacks-against-fintech-firms.png","type":"image\/png"}],"author":"TH Author","twitter_card":"summary_large_image","twitter_creator":"@threatshub","twitter_site":"@threatshub","twitter_misc":{"Written by":"TH Author","Est. reading time":"3 minutes"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"Article","@id":"https:\/\/www.threatshub.org\/blog\/evilnum-hacking-group-linked-to-attacks-against-fintech-firms\/#article","isPartOf":{"@id":"https:\/\/www.threatshub.org\/blog\/evilnum-hacking-group-linked-to-attacks-against-fintech-firms\/"},"author":{"name":"TH Author","@id":"https:\/\/www.threatshub.org\/blog\/#\/schema\/person\/12e0a8671ff89a863584f193e7062476"},"headline":"Evilnum Hacking Group Linked To Attacks Against Fintech Firms","datePublished":"2020-07-09T15:44:16+00:00","mainEntityOfPage":{"@id":"https:\/\/www.threatshub.org\/blog\/evilnum-hacking-group-linked-to-attacks-against-fintech-firms\/"},"wordCount":641,"publisher":{"@id":"https:\/\/www.threatshub.org\/blog\/#organization"},"image":{"@id":"https:\/\/www.threatshub.org\/blog\/evilnum-hacking-group-linked-to-attacks-against-fintech-firms\/#primaryimage"},"thumbnailUrl":"https:\/\/www.threatshub.org\/blog\/coredata\/uploads\/2020\/07\/evilnum-hacking-group-linked-to-attacks-against-fintech-firms.png","keywords":["headline,hacker,bank,cybercrime,fraud"],"articleSection":["Packet Storm"],"inLanguage":"en-US"},{"@type":"WebPage","@id":"https:\/\/www.threatshub.org\/blog\/evilnum-hacking-group-linked-to-attacks-against-fintech-firms\/","url":"https:\/\/www.threatshub.org\/blog\/evilnum-hacking-group-linked-to-attacks-against-fintech-firms\/","name":"Evilnum Hacking Group Linked To Attacks Against Fintech Firms 2026 | ThreatsHub Cybersecurity News","isPartOf":{"@id":"https:\/\/www.threatshub.org\/blog\/#website"},"primaryImageOfPage":{"@id":"https:\/\/www.threatshub.org\/blog\/evilnum-hacking-group-linked-to-attacks-against-fintech-firms\/#primaryimage"},"image":{"@id":"https:\/\/www.threatshub.org\/blog\/evilnum-hacking-group-linked-to-attacks-against-fintech-firms\/#primaryimage"},"thumbnailUrl":"https:\/\/www.threatshub.org\/blog\/coredata\/uploads\/2020\/07\/evilnum-hacking-group-linked-to-attacks-against-fintech-firms.png","datePublished":"2020-07-09T15:44:16+00:00","description":"ThreatsHub Cybersecurity News | ThreatsHub.org | Cloud Security & Cyber Threats Analysis Hub. 100% Free OSINT Threat Intelligent and Cybersecurity News.","breadcrumb":{"@id":"https:\/\/www.threatshub.org\/blog\/evilnum-hacking-group-linked-to-attacks-against-fintech-firms\/#breadcrumb"},"inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["https:\/\/www.threatshub.org\/blog\/evilnum-hacking-group-linked-to-attacks-against-fintech-firms\/"]}]},{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/www.threatshub.org\/blog\/evilnum-hacking-group-linked-to-attacks-against-fintech-firms\/#primaryimage","url":"https:\/\/www.threatshub.org\/blog\/coredata\/uploads\/2020\/07\/evilnum-hacking-group-linked-to-attacks-against-fintech-firms.png","contentUrl":"https:\/\/www.threatshub.org\/blog\/coredata\/uploads\/2020\/07\/evilnum-hacking-group-linked-to-attacks-against-fintech-firms.png","width":770,"height":578},{"@type":"BreadcrumbList","@id":"https:\/\/www.threatshub.org\/blog\/evilnum-hacking-group-linked-to-attacks-against-fintech-firms\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https:\/\/www.threatshub.org\/blog\/"},{"@type":"ListItem","position":2,"name":"headline,hacker,bank,cybercrime,fraud","item":"https:\/\/www.threatshub.org\/blog\/tag\/headlinehackerbankcybercrimefraud\/"},{"@type":"ListItem","position":3,"name":"Evilnum Hacking Group Linked To Attacks Against Fintech Firms"}]},{"@type":"WebSite","@id":"https:\/\/www.threatshub.org\/blog\/#website","url":"https:\/\/www.threatshub.org\/blog\/","name":"ThreatsHub Cybersecurity News","description":"%%focuskw%% Threat Intel \u2013 Threat Intel Services \u2013 CyberIntelligence \u2013 Cyber Threat Intelligence - Threat Intelligence Feeds - Threat Intelligence Reports - CyberSecurity Report \u2013 Cyber Security PDF \u2013 Cybersecurity Trends - Cloud Sandbox \u2013- Threat IntelligencePortal \u2013 Incident Response \u2013 Threat Hunting \u2013 IOC - Yara - Security Operations Center \u2013 SecurityOperation Center \u2013 Security SOC \u2013 SOC Services - Advanced Threat - Threat Detection - TargetedAttack \u2013 APT \u2013 Anti-APT \u2013 Advanced Protection \u2013 Cyber Security Services \u2013 Cybersecurity Services -Threat Intelligence Platform","publisher":{"@id":"https:\/\/www.threatshub.org\/blog\/#organization"},"alternateName":"Threatshub.org","potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/www.threatshub.org\/blog\/?s={search_term_string}"},"query-input":{"@type":"PropertyValueSpecification","valueRequired":true,"valueName":"search_term_string"}}],"inLanguage":"en-US"},{"@type":"Organization","@id":"https:\/\/www.threatshub.org\/blog\/#organization","name":"ThreatsHub.org","alternateName":"Threatshub.org","url":"https:\/\/www.threatshub.org\/blog\/","logo":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/www.threatshub.org\/blog\/#\/schema\/logo\/image\/","url":"https:\/\/www.threatshub.org\/blog\/coredata\/uploads\/2025\/05\/Threatshub_Favicon1.jpg","contentUrl":"https:\/\/www.threatshub.org\/blog\/coredata\/uploads\/2025\/05\/Threatshub_Favicon1.jpg","width":432,"height":435,"caption":"ThreatsHub.org"},"image":{"@id":"https:\/\/www.threatshub.org\/blog\/#\/schema\/logo\/image\/"},"sameAs":["https:\/\/x.com\/threatshub"]},{"@type":"Person","@id":"https:\/\/www.threatshub.org\/blog\/#\/schema\/person\/12e0a8671ff89a863584f193e7062476","name":"TH Author","image":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/secure.gravatar.com\/avatar\/066276f086d5155df79c850206a779ad368418a844da0182ce43f9cd5b506c3d?s=96&d=mm&r=g","url":"https:\/\/secure.gravatar.com\/avatar\/066276f086d5155df79c850206a779ad368418a844da0182ce43f9cd5b506c3d?s=96&d=mm&r=g","contentUrl":"https:\/\/secure.gravatar.com\/avatar\/066276f086d5155df79c850206a779ad368418a844da0182ce43f9cd5b506c3d?s=96&d=mm&r=g","caption":"TH Author"}}]}},"_links":{"self":[{"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/posts\/35993","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/users\/2"}],"replies":[{"embeddable":true,"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/comments?post=35993"}],"version-history":[{"count":0,"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/posts\/35993\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/media\/35994"}],"wp:attachment":[{"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/media?parent=35993"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/categories?post=35993"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/tags?post=35993"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}