Zev is a threat actor that has reportedly been active since 2016. Initially, this group was known for distributing payloads such as Valak, IcedID, and QakBot. However, in late June 2021, the group started distributing Trickbot with the 'zev' gtag. By mid-to-late July 2021, they had switched to BazarLoader. The cybersecurity industry often uses unique naming conventions like these gtags to track and identify different threat actors and their activities.
The operations of Zev are closely tied to ITG23 operatives and the threat actor Zeus. These entities have collaborated on various campaigns, from which the 'zev,' 'zem,' and 'zvs' gtag names may have originated. This suggests a high level of cooperation and coordination among these threat actors, which could potentially increase the sophistication and impact of their malicious activities.
It's important to note that there might be some confusion due to the name 'Zev'. For instance, Zev Brodsky is an author for the Silverfort Blog, a syndicated blog from the Security Bloggers Network, which covers cybersecurity news. Additionally, Volkswagen, Ford, and Tesla have argued for a tougher ZEV (Zero Emission Vehicle) mandate. Neither of these cases is related to the threat actor Zev. Furthermore, Reuven Zev Cohen is an author who publishes papers on arXiv, and his work is unrelated to the threat actor Zev.
Description last updated: 2024-02-21T16:18:50.251Z