Evilnum

Medium Confidence • Medium Threat

DeathStalker • TA4563

Evilnum is a financially motivated threat actor that has been active since at least 2018, primarily targeting financial technology companies, stock trading platforms, and cryptocurrency businesses. The group uses sophisticated spear-phishing campaigns and custom malware to steal credentials, financial data, and trading algorithms. Evilnum's operations focus on the fintech sector, particularly companies handling sensitive financial transactions and customer data.

Origin: Unknown
Sponsor: Cybercriminal (No State Sponsor)
Active: 2018 - Present
Victims: 50+ organizations
Advanced
Active
Financial Gain • Espionage
Risk Assessment

Composite Risk Score: 59 (Medium Risk)
ARCS Compliance: 62
Escalation Risk: 60
Grievance Index: 55
Infrastructure Impact: 58

Targeting

Target Sectors

FinTech • Legal • Cryptocurrency • Investment

Target Regions

Europe • United Kingdom • Middle East
Attribution & Affiliations

Attributed to a cybercriminal group with no state sponsor; origin unknown. Attribution confidence: Medium.

Intelligence Assessment

Threat Level: Medium
Targeting: Moderately
Adaptability: Moderately
Persistence: Medium
Op Tempo: Continuous
Status: Active

Future Outlook

Evilnum is expected to continue operations targeting FinTech sectors.

Timeline of Key Events

2018 (Major): First observed activity of Evilnum
2024 (Moderate): Continued active operations