In the past weeks, information-stealing malware EyePyramid made headlines after it was used to steal 87GB of sensitive data from government offices, private companies and public organizations. More than 100 email domains and 18,000 email accounts were targeted, including those of high-profile victims in Italy, the U.S., Japan and Europe.
The natural assumption for many would be that EyePyramid was a state-sponsored cyberespionage campaign. It wasn’t. It was ultimately attributed to a brother-sister team who used the malware for profit.