{"id":21341,"date":"2022-09-26T00:53:41","date_gmt":"2022-09-26T00:53:41","guid":{"rendered":"https:\/\/nsfocusglobal.com\/?p=21341"},"modified":"2026-04-17T18:07:43","modified_gmt":"2026-04-17T18:07:43","slug":"apt-group-evilnum-launched-a-new-round-of-cyberattacks-on-online-transactions","status":"publish","type":"post","link":"https:\/\/nsfocusglobal.com\/pt-br\/apt-group-evilnum-launched-a-new-round-of-cyberattacks-on-online-transactions\/","title":{"rendered":"APT Group Evilnum Launched a New Round of Cyberattacks on Online Transactions"},"content":{"rendered":"<!DOCTYPE html PUBLIC \"-\/\/W3C\/\/DTD HTML 4.0 Transitional\/\/EN\" \"http:\/\/www.w3.org\/TR\/REC-html40\/loose.dtd\">\n<html><body><h2 class=\"wp-block-heading\">Overview<\/h2>\n\n\n\n<p>NSFOCUS Security Labs detected a string of related phishing attacks recently. The analysis confirmed that these activities were staged by the APT group Evilnum and they were a continuation of the group&#8217;s recent operation DarkCasino.<\/p>\n\n\n\n<p>This round of cyberattacks occurred in late July and lasted until early August. Evilnum attackers maintained consistent attack methodology and tools during the campaign. They continued to employ decoy files of PIF type and compressed type, design attack chains based on the self-developed DarkMe trojan, and use various third-party tools. DarkCasino was an APT operation observed by NSFOCUS Security Labs, mainly aimed at western European countries in the Mediterranean region and targeting cash flows in online transactions. 
For more information, refer to <a href=\"https:\/\/nsfocusglobal.com\/pt-br\/operation-darkcasino-in-depth-analysis-of-attacks-by-apt-group-evilnum-part-1\/\" target=\"_blank\" rel=\"noreferrer noopener\">Operation DarkCasino: In-depth Analysis of Attacks by APT Group Evilnum<\/a>.<\/p>\n\n\n\n<h2 class=\"wp-block-heading\">About APT Group Evilnum<\/h2>\n\n\n\n<p>Evilnum is a financially motivated threat group that has been active in the UK and Europe since 2018. The group has mainly targeted online trading platforms, stealing transaction credentials to get at the cash in the accounts of both parties.<\/p>\n\n\n\n<p>The group is named after a trojan called Evilnum, whose alias is DeathStalker.<\/p>\n\n\n\n<p>Its typical attack method is to disguise malicious programs as customer identification documents, trick trading platform employees into running these programs, and then steal valuable information from victim hosts by implanting spy trojans.<\/p>\n\n\n\n<p>Evilnum has strong development capabilities and can design complex attack flows and components. 
NSFOCUS Security Labs has previously observed and disclosed multiple attack flows launched by the group, which showed a high degree of completion and used various self-developed trojans.<\/p>\n\n\n\n<h2 class=\"wp-block-heading\">Attack Targets<\/h2>\n\n\n\n<p>Evilnum attackers still targeted online transactions in this campaign.<\/p>\n\n\n\n<p>The names of the decoy documents captured by NSFOCUS Security Labs revealed the attackers' targeting tendency.<\/p>\n\n\n\n<p class=\"has-text-align-center\">Table 1 Decoy file names<\/p>\n\n\n<div class=\"wp-block-image\">\n<figure class=\"aligncenter size-full\"><a href=\"https:\/\/nsfocusglobal.com\/wp-content\/uploads\/2022\/09\/Decoy-file-name-Evilnum.png\"><img fetchpriority=\"high\" decoding=\"async\" width=\"763\" height=\"546\" src=\"https:\/\/nsfocusglobal.com\/wp-content\/uploads\/2022\/09\/Decoy-file-name-Evilnum.png\" alt=\"Red circular no entry sign with a white horizontal bar.\" class=\"wp-image-21350\" srcset=\"https:\/\/nsfocusglobal.com\/wp-content\/uploads\/2022\/09\/Decoy-file-name-Evilnum.png 763w, https:\/\/nsfocusglobal.com\/wp-content\/uploads\/2022\/09\/Decoy-file-name-Evilnum-300x215.png 300w, https:\/\/nsfocusglobal.com\/wp-content\/uploads\/2022\/09\/Decoy-file-name-Evilnum-370x265.png 370w, https:\/\/nsfocusglobal.com\/wp-content\/uploads\/2022\/09\/Decoy-file-name-Evilnum-600x429.png 600w, https:\/\/nsfocusglobal.com\/wp-content\/uploads\/2022\/09\/Decoy-file-name-Evilnum-200x143.png 200w\" sizes=\"(max-width: 763px) 100vw, 763px\" \/><\/a><\/figure>\n<\/div>\n\n\n<p>These lures were disguised as common transaction documents such as bills, lists, and invoices to attack operations staff. Some of the keywords indicated that the targets could collect cryptocurrency payments.<\/p>\n\n\n\n<p>These characteristics are similar to those in previous operations of the Evilnum group. The group usually uses such lures to attack online transaction systems, aiming to steal money from the accounts of both transaction parties. 
Targeted industries include online banking, Internet finance, cryptocurrency platforms, online entertainment, and others.<\/p>\n\n\n\n<h2 class=\"wp-block-heading\">Attack Flows<\/h2>\n\n\n\n<p>The typical attack flow used in this campaign was similar to attack flow B in <a href=\"https:\/\/nsfocusglobal.com\/pt-br\/operation-darkcasino-in-depth-analysis-of-attacks-by-apt-group-evilnum-part-1\/\" target=\"_blank\" rel=\"noreferrer noopener\">Operation DarkCasino<\/a>, with some adjustments.<\/p>\n\n\n<div class=\"wp-block-image\">\n<figure class=\"aligncenter size-large\"><a href=\"https:\/\/nsfocusglobal.com\/wp-content\/uploads\/2022\/09\/Figure-1.-Attack-flow-A.png\"><img decoding=\"async\" width=\"1024\" height=\"538\" src=\"https:\/\/nsfocusglobal.com\/wp-content\/uploads\/2022\/09\/Figure-1.-Attack-flow-A-1024x538.png\" alt=\"Red circular no entry sign with a white horizontal bar.\" class=\"wp-image-21342\" srcset=\"https:\/\/nsfocusglobal.com\/wp-content\/uploads\/2022\/09\/Figure-1.-Attack-flow-A-1024x538.png 1024w, https:\/\/nsfocusglobal.com\/wp-content\/uploads\/2022\/09\/Figure-1.-Attack-flow-A-300x158.png 300w, https:\/\/nsfocusglobal.com\/wp-content\/uploads\/2022\/09\/Figure-1.-Attack-flow-A-768x403.png 768w, https:\/\/nsfocusglobal.com\/wp-content\/uploads\/2022\/09\/Figure-1.-Attack-flow-A-600x315.png 600w, https:\/\/nsfocusglobal.com\/wp-content\/uploads\/2022\/09\/Figure-1.-Attack-flow-A-200x105.png 200w, https:\/\/nsfocusglobal.com\/wp-content\/uploads\/2022\/09\/Figure-1.-Attack-flow-A.png 1350w\" sizes=\"(max-width: 1024px) 100vw, 1024px\" \/><\/a><\/figure>\n<\/div>\n\n\n<p class=\"has-text-align-center\">Figure 1. Attack flow A<\/p>\n\n\n\n<p>Attack flow A shown in the above figure was used in the campaign in late July. A downloader trojan with double extensions was packaged in a compressed file and delivered to the victim, tricking the victim into running the trojan. 
Then the next-stage trojan bCMLm.exe placed in http[:]\/\/102.37.220[.]234\/htdocs\/ was downloaded.<\/p>\n\n\n\n<p>bCMLm.exe was a dropper trojan, and it dropped three built-in files to the <strong>%TEMP%<\/strong> system directory and executed the <strong>UI.exe<\/strong> file.<\/p>\n\n\n\n<p>After lddAw.exe was executed, the <strong>E.ocx<\/strong> library file was loaded to read hidden data in the <strong>bump.bmp<\/strong> steganographic image file. The hidden data was the <strong>ShellRunDllVb.dll<\/strong> file that was loaded and executed by <strong>E.ocx<\/strong>.<\/p>\n\n\n\n<p>ShellRunDllVb.dll is a DarkMe trojan that was frequently used by the Evilnum group, and it can execute file operations and CMD commands. ShellRunDllVb.dll communicated with the C&amp;C server c9spus[.]com:333.<\/p>\n\n\n\n<p>In early August, Evilnum attackers adjusted the attack flow by simplifying the download part of remote files and delivering a dropper trojan as a shortcut file.<\/p>\n\n\n<div class=\"wp-block-image\">\n<figure class=\"aligncenter size-large\"><a href=\"https:\/\/nsfocusglobal.com\/wp-content\/uploads\/2022\/09\/Figure-2.-Attack-flow-B.png\"><img decoding=\"async\" width=\"1024\" height=\"449\" src=\"https:\/\/nsfocusglobal.com\/wp-content\/uploads\/2022\/09\/Figure-2.-Attack-flow-B-1024x449.png\" alt=\"Red circular no entry sign with a white horizontal bar.\" class=\"wp-image-21344\" srcset=\"https:\/\/nsfocusglobal.com\/wp-content\/uploads\/2022\/09\/Figure-2.-Attack-flow-B-1024x449.png 1024w, https:\/\/nsfocusglobal.com\/wp-content\/uploads\/2022\/09\/Figure-2.-Attack-flow-B-300x132.png 300w, https:\/\/nsfocusglobal.com\/wp-content\/uploads\/2022\/09\/Figure-2.-Attack-flow-B-768x337.png 768w, https:\/\/nsfocusglobal.com\/wp-content\/uploads\/2022\/09\/Figure-2.-Attack-flow-B-600x263.png 600w, https:\/\/nsfocusglobal.com\/wp-content\/uploads\/2022\/09\/Figure-2.-Attack-flow-B-200x88.png 200w, 
https:\/\/nsfocusglobal.com\/wp-content\/uploads\/2022\/09\/Figure-2.-Attack-flow-B.png 1386w\" sizes=\"(max-width: 1024px) 100vw, 1024px\" \/><\/a><\/figure>\n<\/div>\n\n\n<p class=\"has-text-align-center\">Figure 2. Attack flow B<\/p>\n\n\n\n<p>In attack flow B shown in the above figure, the initial stage payload was disguised as a PIF shortcut. Its double extensions misled victims into viewing it as a PDF file. The payload was a dropper trojan. It dropped three built-in files in the <strong>%TEMP%<\/strong> system directory and then executed the <strong>lddAw.exe<\/strong> file. The subsequent process was almost the same as that used in late July.<\/p>\n\n\n\n<p>In addition, Evilnum attackers used large numbers of third-party trojans such as AgentTesla and FormBook, which were delivered in a way similar to attack flow B. These third-party trojans have powerful data theft capabilities and can help attackers steal more valuable information like credentials.<\/p>\n\n\n\n<h2 class=\"wp-block-heading\">Conclusion<\/h2>\n\n\n\n<p>This round of attack activities demonstrates that the Evilnum group remains active and has a clear division of labor. Evilnum developers constantly iterate on attack tools to enhance performance and counter-defense capabilities. Evilnum attackers keep trying different methods to deliver trojans and rapidly adjust the execution for better attack results. 
As Evilnum continues to expand its targeting scope, ordinary users who conduct online transactions should be vigilant of such attacks to prevent personal information leakage and resulting property damage.<\/p>\n\n\n\n<p><strong>Indicators of Compromise (IoCs)<\/strong><\/p>\n\n\n\n<p>c9spus[.]com<\/p>\n\n\n\n<p>aacfdhr34wgr[.]com<\/p>\n\n\n\n<p>http[:]\/\/102.37.220[.]234\/htdocs\/<\/p>\n<\/body><\/html>\n","protected":false},"excerpt":{"rendered":"<p>Overview NSFOCUS Security Labs detected a string of related phishing attacks recently. The analysis confirmed that these activities were staged by the APT group Evilnum and they were a continuation of the group&#8217;s recent operation DarkCasino. This round of cyberattacks occurred in late July and lasted until early August. Evilnum attackers maintained consistent attack methodology [&hellip;]<\/p>\n","protected":false},"author":1,"featured_media":21034,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"_acf_changed":false,"_coblocks_attr":"","_coblocks_dimensions":"","_coblocks_responsive_height":"","_coblocks_accordion_ie_support":"","footnotes":""},"categories":[3],"tags":[94],"class_list":["post-21341","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-blog","tag-apt-group"],"acf":[],"yoast_head":"<!-- This site is optimized with the Yoast SEO plugin v27.5 - https:\/\/yoast.com\/product\/yoast-seo-wordpress\/ -->\n<title>APT Group Evilnum Launched a New Round of Cyberattacks on Online Transactions - NSFOCUS<\/title>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/nsfocusglobal.com\/apt-group-evilnum-launched-a-new-round-of-cyberattacks-on-online-transactions\/\" \/>\n<meta property=\"og:locale\" content=\"pt_BR\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"APT Group Evilnum Launched a New Round of Cyberattacks on Online Transactions - NSFOCUS\" \/>\n<meta property=\"og:description\" content=\"Overview NSFOCUS Security Labs detected a string of related phishing attacks recently. 
The analysis confirmed that these activities were staged by the APT\" \/>\n<meta property=\"og:url\" content=\"https:\/\/nsfocusglobal.com\/apt-group-evilnum-launched-a-new-round-of-cyberattacks-on-online-transactions\/\" \/>\n<meta property=\"og:site_name\" content=\"NSFOCUS\" \/>\n<meta property=\"article:published_time\" content=\"2022-09-26T00:53:41+00:00\" \/>\n<meta property=\"article:modified_time\" content=\"2026-04-17T18:07:43+00:00\" \/>\n<meta property=\"og:image\" content=\"https:\/\/nsfocusglobal.com\/wp-content\/uploads\/2022\/09\/Freature-Image-APT-Evilnum-e1663550763255.png\" \/>\n<meta name=\"author\" content=\"NSFOCUS\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:title\" content=\"APT Group Evilnum Launched a New Round of Cyberattacks on Online Transactions - NSFOCUS\" \/>\n<meta name=\"twitter:description\" content=\"Overview NSFOCUS Security Labs detected a string of related phishing attacks recently. The analysis confirmed that these activities were staged by the APT\" \/>\n<meta name=\"twitter:image\" content=\"https:\/\/nsfocusglobal.com\/wp-content\/uploads\/2022\/09\/Freature-Image-APT-Evilnum-e1663550763255.png\" \/>\n<meta name=\"twitter:label1\" content=\"Escrito por\" \/>\n\t<meta name=\"twitter:data1\" content=\"NSFOCUS\" \/>\n\t<meta name=\"twitter:label2\" content=\"Est. 
tempo de leitura\" \/>\n\t<meta name=\"twitter:data2\" content=\"5 minutos\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\\\/\\\/schema.org\",\"@graph\":[{\"@type\":\"Article\",\"@id\":\"https:\\\/\\\/nsfocusglobal.com\\\/apt-group-evilnum-launched-a-new-round-of-cyberattacks-on-online-transactions\\\/#article\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/nsfocusglobal.com\\\/apt-group-evilnum-launched-a-new-round-of-cyberattacks-on-online-transactions\\\/\"},\"author\":{\"name\":\"NSFOCUS\",\"@id\":\"https:\\\/\\\/nsfocusglobal.com\\\/#\\\/schema\\\/person\\\/fd9ab61c9c77a81bbd870f725cc0c61d\"},\"headline\":\"APT Group Evilnum Launched a New Round of Cyberattacks on Online Transactions\",\"datePublished\":\"2022-09-26T00:53:41+00:00\",\"dateModified\":\"2026-04-17T18:07:43+00:00\",\"mainEntityOfPage\":{\"@id\":\"https:\\\/\\\/nsfocusglobal.com\\\/apt-group-evilnum-launched-a-new-round-of-cyberattacks-on-online-transactions\\\/\"},\"wordCount\":1510,\"commentCount\":0,\"publisher\":{\"@id\":\"https:\\\/\\\/nsfocusglobal.com\\\/#organization\"},\"image\":{\"@id\":\"https:\\\/\\\/nsfocusglobal.com\\\/apt-group-evilnum-launched-a-new-round-of-cyberattacks-on-online-transactions\\\/#primaryimage\"},\"thumbnailUrl\":\"https:\\\/\\\/nsfocusglobal.com\\\/wp-content\\\/uploads\\\/2022\\\/09\\\/Freature-Image-APT-Evilnum-e1663550763255.png\",\"keywords\":[\"APT Group;\"],\"articleSection\":[\"Blog\"],\"inLanguage\":\"pt-BR\",\"potentialAction\":[{\"@type\":\"CommentAction\",\"name\":\"Comment\",\"target\":[\"https:\\\/\\\/nsfocusglobal.com\\\/apt-group-evilnum-launched-a-new-round-of-cyberattacks-on-online-transactions\\\/#respond\"]}]},{\"@type\":\"WebPage\",\"@id\":\"https:\\\/\\\/nsfocusglobal.com\\\/apt-group-evilnum-launched-a-new-round-of-cyberattacks-on-online-transactions\\\/\",\"url\":\"https:\\\/\\\/nsfocusglobal.com\\\/apt-group-evilnum-launched-a-new-round-of-cyberattacks-on-online-transactions\\\/\",\"name\":\"APT 
Group Evilnum Launched a New Round of Cyberattacks on Online Transactions - NSFOCUS\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/nsfocusglobal.com\\\/#website\"},\"primaryImageOfPage\":{\"@id\":\"https:\\\/\\\/nsfocusglobal.com\\\/apt-group-evilnum-launched-a-new-round-of-cyberattacks-on-online-transactions\\\/#primaryimage\"},\"image\":{\"@id\":\"https:\\\/\\\/nsfocusglobal.com\\\/apt-group-evilnum-launched-a-new-round-of-cyberattacks-on-online-transactions\\\/#primaryimage\"},\"thumbnailUrl\":\"https:\\\/\\\/nsfocusglobal.com\\\/wp-content\\\/uploads\\\/2022\\\/09\\\/Freature-Image-APT-Evilnum-e1663550763255.png\",\"datePublished\":\"2022-09-26T00:53:41+00:00\",\"dateModified\":\"2026-04-17T18:07:43+00:00\",\"breadcrumb\":{\"@id\":\"https:\\\/\\\/nsfocusglobal.com\\\/apt-group-evilnum-launched-a-new-round-of-cyberattacks-on-online-transactions\\\/#breadcrumb\"},\"inLanguage\":\"pt-BR\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\\\/\\\/nsfocusglobal.com\\\/apt-group-evilnum-launched-a-new-round-of-cyberattacks-on-online-transactions\\\/\"]}]},{\"@type\":\"ImageObject\",\"inLanguage\":\"pt-BR\",\"@id\":\"https:\\\/\\\/nsfocusglobal.com\\\/apt-group-evilnum-launched-a-new-round-of-cyberattacks-on-online-transactions\\\/#primaryimage\",\"url\":\"https:\\\/\\\/nsfocusglobal.com\\\/wp-content\\\/uploads\\\/2022\\\/09\\\/Freature-Image-APT-Evilnum-e1663550763255.png\",\"contentUrl\":\"https:\\\/\\\/nsfocusglobal.com\\\/wp-content\\\/uploads\\\/2022\\\/09\\\/Freature-Image-APT-Evilnum-e1663550763255.png\",\"width\":200,\"height\":156,\"caption\":\"Hacker in dark room, APT Group Evilnum.\"},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\\\/\\\/nsfocusglobal.com\\\/apt-group-evilnum-launched-a-new-round-of-cyberattacks-on-online-transactions\\\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Home\",\"item\":\"https:\\\/\\\/nsfocusglobal.com\\\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"APT Group Evilnum 
Launched a New Round of Cyberattacks on Online Transactions\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\\\/\\\/nsfocusglobal.com\\\/#website\",\"url\":\"https:\\\/\\\/nsfocusglobal.com\\\/\",\"name\":\"NSFOCUS\",\"description\":\"Security Made Smart and Simple\",\"publisher\":{\"@id\":\"https:\\\/\\\/nsfocusglobal.com\\\/#organization\"},\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\\\/\\\/nsfocusglobal.com\\\/?s={search_term_string}\"},\"query-input\":{\"@type\":\"PropertyValueSpecification\",\"valueRequired\":true,\"valueName\":\"search_term_string\"}}],\"inLanguage\":\"pt-BR\"},{\"@type\":\"Organization\",\"@id\":\"https:\\\/\\\/nsfocusglobal.com\\\/#organization\",\"name\":\"NSFOCUS\",\"url\":\"https:\\\/\\\/nsfocusglobal.com\\\/\",\"logo\":{\"@type\":\"ImageObject\",\"inLanguage\":\"pt-BR\",\"@id\":\"https:\\\/\\\/nsfocusglobal.com\\\/#\\\/schema\\\/logo\\\/image\\\/\",\"url\":\"https:\\\/\\\/nsfocusglobal.com\\\/wp-content\\\/uploads\\\/2024\\\/08\\\/logo-ns.png\",\"contentUrl\":\"https:\\\/\\\/nsfocusglobal.com\\\/wp-content\\\/uploads\\\/2024\\\/08\\\/logo-ns.png\",\"width\":248,\"height\":36,\"caption\":\"NSFOCUS\"},\"image\":{\"@id\":\"https:\\\/\\\/nsfocusglobal.com\\\/#\\\/schema\\\/logo\\\/image\\\/\"}},{\"@type\":\"Person\",\"@id\":\"https:\\\/\\\/nsfocusglobal.com\\\/#\\\/schema\\\/person\\\/fd9ab61c9c77a81bbd870f725cc0c61d\",\"name\":\"NSFOCUS\",\"image\":{\"@type\":\"ImageObject\",\"inLanguage\":\"pt-BR\",\"@id\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/d3dc987908fc59791d261b1006d84eb931d15287261476b9384e690ed0c568de?s=96&d=mm&r=g\",\"url\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/d3dc987908fc59791d261b1006d84eb931d15287261476b9384e690ed0c568de?s=96&d=mm&r=g\",\"contentUrl\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/d3dc987908fc59791d261b1006d84eb931d15287261476b9384e690ed0c568de?s=96&d=mm&r=g\",\"caption\":\"NSFOCUS\"},\"sameAs\":[\"https:\\\/\\\/nsfocusglobal.
com\"],\"url\":\"https:\\\/\\\/nsfocusglobal.com\\\/pt-br\\\/author\\\/admin\\\/\"}]}<\/script>\n<!-- \/ Yoast SEO plugin. -->","yoast_head_json":{"title":"APT Group Evilnum Launched a New Round of Cyberattacks on Online Transactions - NSFOCUS","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/nsfocusglobal.com\/apt-group-evilnum-launched-a-new-round-of-cyberattacks-on-online-transactions\/","og_locale":"pt_BR","og_type":"article","og_title":"APT Group Evilnum Launched a New Round of Cyberattacks on Online Transactions - NSFOCUS","og_description":"Overview NSFOCUS Security Labs detected a string of related phishing attacks recently. The analysis confirmed that these activities were staged by the APT","og_url":"https:\/\/nsfocusglobal.com\/apt-group-evilnum-launched-a-new-round-of-cyberattacks-on-online-transactions\/","og_site_name":"NSFOCUS","article_published_time":"2022-09-26T00:53:41+00:00","article_modified_time":"2026-04-17T18:07:43+00:00","og_image":[{"url":"https:\/\/nsfocusglobal.com\/wp-content\/uploads\/2022\/09\/Freature-Image-APT-Evilnum-e1663550763255.png","type":"","width":"","height":""}],"author":"NSFOCUS","twitter_card":"summary_large_image","twitter_title":"APT Group Evilnum Launched a New Round of Cyberattacks on Online Transactions - NSFOCUS","twitter_description":"Overview NSFOCUS Security Labs detected a string of related phishing attacks recently. The analysis confirmed that these activities were staged by the APT","twitter_image":"https:\/\/nsfocusglobal.com\/wp-content\/uploads\/2022\/09\/Freature-Image-APT-Evilnum-e1663550763255.png","twitter_misc":{"Escrito por":"NSFOCUS","Est. 
tempo de leitura":"5 minutos"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"Article","@id":"https:\/\/nsfocusglobal.com\/apt-group-evilnum-launched-a-new-round-of-cyberattacks-on-online-transactions\/#article","isPartOf":{"@id":"https:\/\/nsfocusglobal.com\/apt-group-evilnum-launched-a-new-round-of-cyberattacks-on-online-transactions\/"},"author":{"name":"NSFOCUS","@id":"https:\/\/nsfocusglobal.com\/#\/schema\/person\/fd9ab61c9c77a81bbd870f725cc0c61d"},"headline":"APT Group Evilnum Launched a New Round of Cyberattacks on Online Transactions","datePublished":"2022-09-26T00:53:41+00:00","dateModified":"2026-04-17T18:07:43+00:00","mainEntityOfPage":{"@id":"https:\/\/nsfocusglobal.com\/apt-group-evilnum-launched-a-new-round-of-cyberattacks-on-online-transactions\/"},"wordCount":1510,"commentCount":0,"publisher":{"@id":"https:\/\/nsfocusglobal.com\/#organization"},"image":{"@id":"https:\/\/nsfocusglobal.com\/apt-group-evilnum-launched-a-new-round-of-cyberattacks-on-online-transactions\/#primaryimage"},"thumbnailUrl":"https:\/\/nsfocusglobal.com\/wp-content\/uploads\/2022\/09\/Freature-Image-APT-Evilnum-e1663550763255.png","keywords":["APT Group;"],"articleSection":["Blog"],"inLanguage":"pt-BR","potentialAction":[{"@type":"CommentAction","name":"Comment","target":["https:\/\/nsfocusglobal.com\/apt-group-evilnum-launched-a-new-round-of-cyberattacks-on-online-transactions\/#respond"]}]},{"@type":"WebPage","@id":"https:\/\/nsfocusglobal.com\/apt-group-evilnum-launched-a-new-round-of-cyberattacks-on-online-transactions\/","url":"https:\/\/nsfocusglobal.com\/apt-group-evilnum-launched-a-new-round-of-cyberattacks-on-online-transactions\/","name":"APT Group Evilnum Launched a New Round of Cyberattacks on Online Transactions - 
NSFOCUS","isPartOf":{"@id":"https:\/\/nsfocusglobal.com\/#website"},"primaryImageOfPage":{"@id":"https:\/\/nsfocusglobal.com\/apt-group-evilnum-launched-a-new-round-of-cyberattacks-on-online-transactions\/#primaryimage"},"image":{"@id":"https:\/\/nsfocusglobal.com\/apt-group-evilnum-launched-a-new-round-of-cyberattacks-on-online-transactions\/#primaryimage"},"thumbnailUrl":"https:\/\/nsfocusglobal.com\/wp-content\/uploads\/2022\/09\/Freature-Image-APT-Evilnum-e1663550763255.png","datePublished":"2022-09-26T00:53:41+00:00","dateModified":"2026-04-17T18:07:43+00:00","breadcrumb":{"@id":"https:\/\/nsfocusglobal.com\/apt-group-evilnum-launched-a-new-round-of-cyberattacks-on-online-transactions\/#breadcrumb"},"inLanguage":"pt-BR","potentialAction":[{"@type":"ReadAction","target":["https:\/\/nsfocusglobal.com\/apt-group-evilnum-launched-a-new-round-of-cyberattacks-on-online-transactions\/"]}]},{"@type":"ImageObject","inLanguage":"pt-BR","@id":"https:\/\/nsfocusglobal.com\/apt-group-evilnum-launched-a-new-round-of-cyberattacks-on-online-transactions\/#primaryimage","url":"https:\/\/nsfocusglobal.com\/wp-content\/uploads\/2022\/09\/Freature-Image-APT-Evilnum-e1663550763255.png","contentUrl":"https:\/\/nsfocusglobal.com\/wp-content\/uploads\/2022\/09\/Freature-Image-APT-Evilnum-e1663550763255.png","width":200,"height":156,"caption":"Hacker in dark room, APT Group Evilnum."},{"@type":"BreadcrumbList","@id":"https:\/\/nsfocusglobal.com\/apt-group-evilnum-launched-a-new-round-of-cyberattacks-on-online-transactions\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https:\/\/nsfocusglobal.com\/"},{"@type":"ListItem","position":2,"name":"APT Group Evilnum Launched a New Round of Cyberattacks on Online Transactions"}]},{"@type":"WebSite","@id":"https:\/\/nsfocusglobal.com\/#website","url":"https:\/\/nsfocusglobal.com\/","name":"NSFOCUS","description":"Security Made Smart and 
Simple","publisher":{"@id":"https:\/\/nsfocusglobal.com\/#organization"},"potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/nsfocusglobal.com\/?s={search_term_string}"},"query-input":{"@type":"PropertyValueSpecification","valueRequired":true,"valueName":"search_term_string"}}],"inLanguage":"pt-BR"},{"@type":"Organization","@id":"https:\/\/nsfocusglobal.com\/#organization","name":"NSFOCUS","url":"https:\/\/nsfocusglobal.com\/","logo":{"@type":"ImageObject","inLanguage":"pt-BR","@id":"https:\/\/nsfocusglobal.com\/#\/schema\/logo\/image\/","url":"https:\/\/nsfocusglobal.com\/wp-content\/uploads\/2024\/08\/logo-ns.png","contentUrl":"https:\/\/nsfocusglobal.com\/wp-content\/uploads\/2024\/08\/logo-ns.png","width":248,"height":36,"caption":"NSFOCUS"},"image":{"@id":"https:\/\/nsfocusglobal.com\/#\/schema\/logo\/image\/"}},{"@type":"Person","@id":"https:\/\/nsfocusglobal.com\/#\/schema\/person\/fd9ab61c9c77a81bbd870f725cc0c61d","name":"NSFOCUS","image":{"@type":"ImageObject","inLanguage":"pt-BR","@id":"https:\/\/secure.gravatar.com\/avatar\/d3dc987908fc59791d261b1006d84eb931d15287261476b9384e690ed0c568de?s=96&d=mm&r=g","url":"https:\/\/secure.gravatar.com\/avatar\/d3dc987908fc59791d261b1006d84eb931d15287261476b9384e690ed0c568de?s=96&d=mm&r=g","contentUrl":"https:\/\/secure.gravatar.com\/avatar\/d3dc987908fc59791d261b1006d84eb931d15287261476b9384e690ed0c568de?s=96&d=mm&r=g","caption":"NSFOCUS"},"sameAs":["https:\/\/nsfocusglobal.com"],"url":"https:\/\/nsfocusglobal.com\/pt-br\/author\/admin\/"}]}},"_links":{"self":[{"href":"https:\/\/nsfocusglobal.com\/pt-br\/wp-json\/wp\/v2\/posts\/21341","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/nsfocusglobal.com\/pt-br\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/nsfocusglobal.com\/pt-br\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/nsfocusglobal.com\/pt-br\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href"
:"https:\/\/nsfocusglobal.com\/pt-br\/wp-json\/wp\/v2\/comments?post=21341"}],"version-history":[{"count":0,"href":"https:\/\/nsfocusglobal.com\/pt-br\/wp-json\/wp\/v2\/posts\/21341\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/nsfocusglobal.com\/pt-br\/wp-json\/wp\/v2\/media\/21034"}],"wp:attachment":[{"href":"https:\/\/nsfocusglobal.com\/pt-br\/wp-json\/wp\/v2\/media?parent=21341"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/nsfocusglobal.com\/pt-br\/wp-json\/wp\/v2\/categories?post=21341"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/nsfocusglobal.com\/pt-br\/wp-json\/wp\/v2\/tags?post=21341"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}