What did Evil Corp do?

Evil Corp is a notorious cybercriminal group that has been active for over a decade. They are responsible for some of the biggest data breaches and cyber attacks in history. But what exactly have they done? Let’s take a closer look at Evil Corp’s major cyber crimes and attacks.

Target data breach

One of Evil Corp’s earliest and most infamous cyber attacks was the massive data breach at Target in 2013. They infiltrated Target’s payment systems and stole the personal and financial information of up to 110 million Target customers. This included names, mailing addresses, phone numbers, email addresses, and payment card data. The scale of the breach made it one of the largest retail data breaches in history at the time.

Year Number of records breached
2013 110 million

The fallout from the Target breach was enormous. The company faced heavy fines, lawsuits, and damage to its reputation. Meanwhile, Evil Corp made millions selling the stolen payment card data on the dark web. The Target hack put Evil Corp firmly on the map as a top cybercriminal threat.

JP Morgan Chase data breach

In 2014, Evil Corp set their sights on major financial institutions. They infiltrated the networks of JP Morgan Chase and stole sensitive data on over 83 million customers. This included names, addresses, phone numbers, email addresses, and account information. It remains one of the largest data breaches ever targeting a U.S. financial institution.

Year Number of records breached
2014 83 million

The JP Morgan Chase breach compromised highly sensitive financial information and caused major reputational damage. Meanwhile, Evil Corp profited by selling the stolen data online. The sophisticated hack highlighted their technical capabilities to target major corporations.

Equifax data breach

In 2017, Evil Corp organized and carried out the devastating Equifax breach that exposed the personal data of 147 million Americans. They exploited a vulnerability in Equifax’s systems to steal names, Social Security numbers, birth dates, addresses, and driver’s license information. This data could be used for identity theft and financial fraud.

Year Number of records breached
2017 147 million

The Equifax breach is considered one of the worst data breaches ever. The scope of sensitive information stolen made it a identity theft goldmine. Evil Corp was once again able to monetize the data by selling it online. Meanwhile, Equifax faced billions in costs related to the breach, including lawsuits, fines, and response efforts.

Deep Panda malware infections

In addition to data breaches, Evil Corp develops and spreads malware to infiltrate corporate networks and government agencies. One of their most successful malware campaigns involved the Deep Panda virus. First appearing in 2014, Deep Panda infected thousands of systems across industries like healthcare, energy, and manufacturing.

Deep Panda gave Evil Corp remote access and control over infected systems. They could steal sensitive files, monitor communications, and more. Even when detected, Deep Panda was difficult to remove due to advanced stealth capabilities baked into the malware.

Industries targeted


Deep Panda let Evil Corp spy on major companies and government agencies around the world. They likely used intelligence gained from the malware to enable further targeted attacks.

WannaCry ransomware attacks

In 2017, Evil Corp unleashed the devastating WannaCry ransomware attacks. WannaCry encrypted data on infected computers and demanded ransom payments in Bitcoin to decrypt the files. It spread rapidly across 150 countries, infecting over 200,000 systems.

Year Systems infected
2017 Over 200,000

WannaCry had crippling impacts on businesses, hospitals, government agencies, and other critical infrastructure. With users unable to access essential files and systems, massive disruption and financial damage resulted. Evil Corp cashed in on millions in ransom payments from desperate victims.

Notable victims

UK National Health Service
Deutsche Bahn

WannaCry demonstrated Evil Corp’s ability to develop ransomware with worm-like capabilities to spread rapidly across networks. It highlighted weaknesses in cyber defenses across both private and public sectors.

Methbot ad fraud operation

Evil Corp diversified into cybercrime beyond data breaches and ransomware. In 2016, they developed and ran Methbot – a sophisticated ad fraud operation that stole over $5 million per day at its peak.

Methbot spoofed real web traffic to fraudulently generate ad revenue from ad networks like Google and Facebook. The bots impersonated human web browsing behavior to create fake ad impressions. This let Evil Corp earn lucrative payouts from ad networks with little risk of detection.

Key stats

Revenue per day Fake video ad impressions
$5 million+ Over 300 million per day

Methbot highlighted Evil Corp’s ability to innovate new types of cybercrime beyond conventional hacking and malware. Combining technical expertise with business savvy, they produced extremely profitable results from an audacious ad fraud scheme.

Dridex banking trojan

Evil Corp also develops and operates the Dridex banking trojan, one of the most dangerous pieces of financial malware. Active since 2014, Dridex mainly targets online banking credentials through phishing emails containing malicious attachments.

Once activated, Dridex initiates man-in-the-middle attacks to intercept banking credentials and perform unauthorized bank transfers. Dridex also contains keylogging and screenshot capture capabilities to steal additional financial data.

Key capabilities

Man-in-the-middle attacks
Screenshot capture

Dridex lets Evil Corp infiltrate bank accounts to steal large sums from companies, organizations, and individuals worldwide. The advanced trojan continues to evolve with new variants identified regularly.

GameOver Zeus botnet

Evil Corp has also run some of the most formidable botnets in the cybercrime world. The GameOver Zeus botnet infected over 1 million computers at its peak in 2012-2014. The sophisticated botnet stole banking credentials, financial data, and other sensitive information.

Years active Infections
2012-2014 Over 1 million

GameOver Zeus Botnet demonstrated Evil Corp’s technical expertise in building and managing large-scale botnets for data theft and fraud.

Encryption services for cybercriminals

Evil Corp provides services and tools to other cybercriminals, including sophisticated encryption through its Cryptolocker ransomware-as-a-service.

This allowed other criminals to deploy ransomware with advanced encryption provided by Evil Corp. They could launch attacks while Evil Corp handled the complex back-end encryption and payment systems.

Services offered

Ransomware creation kit
Payment site hosting
Automated distribution

By offering services to other cybercriminals, Evil Corp made money while building relationships with the broader cybercrime world.

Sony Pictures hack

In 2014, Evil Corp allegedly orchestrated the destructive hack against Sony Pictures in retaliation over the film “The Interview.” They wiped data from thousands of computers and stole over 100 terabytes of files including upcoming movie scripts, sensitive emails, and employee data.

Data stolen
Over 100 terabytes

The Sony Pictures hack was a brazen cyber attack with a political motive. It demonstrated Evil Corp’s capabilities and willingness to attack major corporations in disruptive data breaches.


Evil Corp has proven to be one of the most formidable cybercrime groups active today. For over a decade, they have infiltrated some of the world’s largest companies and government agencies stealing sensitive data impacting billions of people. Driven by profit and unrestrained by ethics, they have pioneered innovative forms of cybercrime while causing massive financial and reputational damage to victims.

From data breaches to ransomware to ad fraud, Evil Corp’s scope of cyber attacks demonstrates their technical sophistication and criminal ambition. They take advantage of vulnerabilities across industries and borders, monetizing stolen data and paying little regard to the disruption caused. With their capabilities and global reach, Evil Corp remains a top cybercrime threat as long as profit motivates their constant innovation of new modes of attack.