Hackers in the Evilnum group have developed a toolset that combines custom malware, legitimate utilities, and tools bought from a malware-as-a-service (MaaS) provider that caters to big fintech threat actors. The group has been active since at least 2018 and focuses on companies from the financial technology sector that offer trading and investment platforms. Its targets are both companies and their customers, the objective being to steal financial information. An investigation into Evilnum s activity from cybersecurity company ESET reveals that they re looking for the following type of data: spreadsheets and documents with investment and trading operations.
Source: https://www.bleepingcomputer.com/news/security/evilnum-hackers-use-the-same-malware-supplier-as-fin6-cobalt/