Evil Corp
High ConfidenceHigh ThreatINDRIK SPIDER • Manatee Tempest • DEV-0243 • UNC2165
Evil Corp, also known as INDRIK SPIDER, is a Russia-based cybercriminal group that has been active since at least 2009. They are considered one of the most capable and prolific cybercriminal syndicates in the world. The group is responsible for the development and operation of several of the most powerful malware and ransomware variants, including the Dridex banking trojan and the BitPaymer, WastedLocker, and Hades ransomware families. Evil Corp is known for its sophisticated tactics and its ability to evolve and adapt to changing security landscapes. The group has been observed modifying its activities to circumvent U.S. federal government actions to stop them. Evil Corp's primary motivation is financial gain, and they have targeted a wide range of industries, with a particular focus on the financial and healthcare sectors. The group has been responsible for stealing hundreds of millions of dollars from banks and other financial institutions around the world. In recent years, the group has increasingly turned to ransomware attacks, demanding large ransoms from its victims. The U.S. government has indicted members of the group and has offered a bounty for information on their leadership. Despite these efforts, Evil Corp remains a significant threat to organizations worldwide.
Evil Corp, also known as INDRIK SPIDER, is a Russia-based cybercriminal group that has been active since at least 2009. They are considered one of the most capable and prolific cybercriminal syndicates in the world. The group is responsible for the development and operation of several of the most powerful malware and ransomware variants, including the Dridex banking trojan and the BitPaymer, WastedLocker, and Hades ransomware families. Evil Corp is known for its sophisticated tactics and its ability to evolve and adapt to changing security landscapes. The group has been observed modifying its activities to circumvent U.S. federal government actions to stop them. Evil Corp's primary motivation is financial gain, and they have targeted a wide range of industries, with a particular focus on the financial and healthcare sectors. The group has been responsible for stealing hundreds of millions of dollars from banks and other financial institutions around the world. In recent years, the group has increasingly turned to ransomware attacks, demanding large ransoms from its victims. The U.S. government has indicted members of the group and has offered a bounty for information on their leadership. Despite these efforts, Evil Corp remains a significant threat to organizations worldwide.
Target Sectors
Target Regions
Attributed to Criminal Organization (Russia). Attribution confidence: High.
Future Outlook
Evil Corp is expected to continue operations targeting Financial.
First observed activity
Ongoing operations