Security Experts:

Connect with us

Hi, what are you looking for?



US Indicts ‘Evil Corp’ Hackers With Alleged Russian Intelligence Ties

A Lamborghini-driving Moscow hacker who called his operation Evil Corp and has ties to the FSB Russian intelligence service was indicted by US authorities Thursday for the cybertheft of tens of millions of dollars.

A Lamborghini-driving Moscow hacker who called his operation Evil Corp and has ties to the FSB Russian intelligence service was indicted by US authorities Thursday for the cybertheft of tens of millions of dollars.

An indictment unsealed in Pittsburgh named Maksim Yakubets and his Evil Corp partner Igor Turashev as the main figures in a group which inserted malware on computers in dozens of countries to steal more than $100 million from companies and local authorities.

The indictment was accompanied by sanctions from the US Treasury on the two men, as well as the announcement of a $5 million reward toward Yakubets’ arrest and conviction — the highest reward ever offered for a cybercriminal.

“Maksim Yakubets allegedly has engaged in a decade-long cybercrime spree that deployed two of the most damaging pieces of financial malware ever used and resulted in tens of millions of dollars of losses to victims worldwide,” said US Assistant Attorney General Brian Benczkowski.

The Treasury said Yakubets specifically worked for the FSB intelligence agency “as of 2017” and was “tasked to work on projects for the Russian state.”

“Evil Corp and their Dridex software serves as yet another example of the Russian government enlisting the assistance of cybercriminals to carry out malign activities,” a Treasury official told reporters on condition of anonymity.

“Today’s action makes absolutely clear that we will not tolerate this type of activity by any government or by any government’s proxies.”

– Lamborghini plate read ‘thief’ –

Evil Corp used phishing schemes to insert Dridex, Bugat and other malware files on a victims’ computers, gaining access to identities, passwords, and ultimately bank accounts, from which they then transferred millions of dollars to themselves.

Their tools, which built from an early malware known as Zeus, could also be used to defeat banks’ online computer security systems.

Investigators were aware of Yakubets, 32, already in 2009, after they traced him from his online nickname “aqua.”

According to Britain’s National Crime Agency, which took part in the investigation, he was unabashed about his wealth, spending over a quarter-million pounds (over $330,000) on his wedding.

His customized Lamborghini has a personalized number plate that translates to “thief, according to the NCA.

Yakubets oversaw the Evil Corp network managing the thefts and transfers of money.

– ‘Rarely-seen’ sophistication –

Officials said they ran a constantly evolving, innovative and audacious operation that stayed ahead of investigators, even as some its participants, including two Ukraine based hackers in 2014, were arrested and network nodes shuttered.

In 2015 US and British investigators disabled the Dridex botnet, but “within weeks” Evil Corp adapted it and their infrastructure to resume their thefts.

The group “had a level of sophistication and scope of threat that we rarely see,” said Pittsburgh-based US Attorney Scott Brady.

Victims included a Franciscan Sisters religious order, a Pennsylvania district school board, an oil company and a gun manufacturer.

In the United States, the total stolen in almost a decade was $70 million, while worldwide the known losses top $100 million, officials said.

At least 300 banks hit by the fraudulent thefts are known, but officials say the individuals robbed could number in the thousands worldwide.

Yakubets and Turashev were charged in Pittsburgh and a parallel indictment in Lincoln, Nebraska with multiple counts of conspiracy, computer hacking, wire fraud, and bank fraud.

Both men are believed to be in Russia, and face possible extradition to the United States if they are arrested in other countries.

Written By

AFP 2023

Click to comment

Expert Insights

Related Content


Zendesk is informing customers about a data breach that started with an SMS phishing campaign targeting the company’s employees.


The release of OpenAI’s ChatGPT in late 2022 has demonstrated the potential of AI for both good and bad.


The FBI dismantled the network of the prolific Hive ransomware gang and seized infrastructure in Los Angeles that was used for the operation.


A new study by McAfee and the Center for Strategic and International Studies (CSIS) named a staggering figure as the true annual cost of...


US government reminds the public that a reward of up to $10 million is offered for information on cybercriminals, including members of the Hive...


The Hive ransomware website has been seized as part of an operation that involved law enforcement in 10 countries.


CISA, NSA, and MS-ISAC issued an alert on the malicious use of RMM software to steal money from bank accounts.


Video games developer Riot Games says source code was stolen from its development environment in a ransomware attack