Connect with us

Hi, what are you looking for?

SecurityWeekSecurityWeek

Cybercrime

US Indicts ‘Evil Corp’ Hackers With Alleged Russian Intelligence Ties

A Lamborghini-driving Moscow hacker who called his operation Evil Corp and has ties to the FSB Russian intelligence service was indicted by US authorities Thursday for the cybertheft of tens of millions of dollars.

A Lamborghini-driving Moscow hacker who called his operation Evil Corp and has ties to the FSB Russian intelligence service was indicted by US authorities Thursday for the cybertheft of tens of millions of dollars.

An indictment unsealed in Pittsburgh named Maksim Yakubets and his Evil Corp partner Igor Turashev as the main figures in a group which inserted malware on computers in dozens of countries to steal more than $100 million from companies and local authorities.

The indictment was accompanied by sanctions from the US Treasury on the two men, as well as the announcement of a $5 million reward toward Yakubets’ arrest and conviction — the highest reward ever offered for a cybercriminal.

“Maksim Yakubets allegedly has engaged in a decade-long cybercrime spree that deployed two of the most damaging pieces of financial malware ever used and resulted in tens of millions of dollars of losses to victims worldwide,” said US Assistant Attorney General Brian Benczkowski.

The Treasury said Yakubets specifically worked for the FSB intelligence agency “as of 2017” and was “tasked to work on projects for the Russian state.”

“Evil Corp and their Dridex software serves as yet another example of the Russian government enlisting the assistance of cybercriminals to carry out malign activities,” a Treasury official told reporters on condition of anonymity.

“Today’s action makes absolutely clear that we will not tolerate this type of activity by any government or by any government’s proxies.”

– Lamborghini plate read ‘thief’ –

Advertisement. Scroll to continue reading.

Evil Corp used phishing schemes to insert Dridex, Bugat and other malware files on a victims’ computers, gaining access to identities, passwords, and ultimately bank accounts, from which they then transferred millions of dollars to themselves.

Their tools, which built from an early malware known as Zeus, could also be used to defeat banks’ online computer security systems.

Investigators were aware of Yakubets, 32, already in 2009, after they traced him from his online nickname “aqua.”

According to Britain’s National Crime Agency, which took part in the investigation, he was unabashed about his wealth, spending over a quarter-million pounds (over $330,000) on his wedding.

His customized Lamborghini has a personalized number plate that translates to “thief, according to the NCA.

Yakubets oversaw the Evil Corp network managing the thefts and transfers of money.

– ‘Rarely-seen’ sophistication –

Officials said they ran a constantly evolving, innovative and audacious operation that stayed ahead of investigators, even as some its participants, including two Ukraine based hackers in 2014, were arrested and network nodes shuttered.

In 2015 US and British investigators disabled the Dridex botnet, but “within weeks” Evil Corp adapted it and their infrastructure to resume their thefts.

The group “had a level of sophistication and scope of threat that we rarely see,” said Pittsburgh-based US Attorney Scott Brady.

Victims included a Franciscan Sisters religious order, a Pennsylvania district school board, an oil company and a gun manufacturer.

In the United States, the total stolen in almost a decade was $70 million, while worldwide the known losses top $100 million, officials said.

At least 300 banks hit by the fraudulent thefts are known, but officials say the individuals robbed could number in the thousands worldwide.

Yakubets and Turashev were charged in Pittsburgh and a parallel indictment in Lincoln, Nebraska with multiple counts of conspiracy, computer hacking, wire fraud, and bank fraud.

Both men are believed to be in Russia, and face possible extradition to the United States if they are arrested in other countries.

Written By

AFP 2023

Click to comment

Trending

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

Join the session as we discuss the challenges and best practices for cybersecurity leaders managing cloud identities.

Register

The AI Risk Summit brings together security and risk management executives, AI researchers, policy makers, software developers and influential business and government stakeholders.

Register

People on the Move

Retired U.S. Army General and former NSA Director Paul M. Nakasone has joined the Board of Directors at OpenAI.

Jill Passalacqua has been appointed Chief Legal Officer at autonomous security solutions provider Horizon3.ai.

Cisco has appointed Sean Duca as CISO and Practice Leader for the APJC region.

More People On The Move

Expert Insights