Security Experts:

Connect with us

Hi, what are you looking for?



US Indicts ‘Evil Corp’ Hackers With Alleged Russian Intelligence Ties

A Lamborghini-driving Moscow hacker who called his operation Evil Corp and has ties to the FSB Russian intelligence service was indicted by US authorities Thursday for the cybertheft of tens of millions of dollars.

A Lamborghini-driving Moscow hacker who called his operation Evil Corp and has ties to the FSB Russian intelligence service was indicted by US authorities Thursday for the cybertheft of tens of millions of dollars.

An indictment unsealed in Pittsburgh named Maksim Yakubets and his Evil Corp partner Igor Turashev as the main figures in a group which inserted malware on computers in dozens of countries to steal more than $100 million from companies and local authorities.

The indictment was accompanied by sanctions from the US Treasury on the two men, as well as the announcement of a $5 million reward toward Yakubets’ arrest and conviction — the highest reward ever offered for a cybercriminal.

“Maksim Yakubets allegedly has engaged in a decade-long cybercrime spree that deployed two of the most damaging pieces of financial malware ever used and resulted in tens of millions of dollars of losses to victims worldwide,” said US Assistant Attorney General Brian Benczkowski.

The Treasury said Yakubets specifically worked for the FSB intelligence agency “as of 2017” and was “tasked to work on projects for the Russian state.”

“Evil Corp and their Dridex software serves as yet another example of the Russian government enlisting the assistance of cybercriminals to carry out malign activities,” a Treasury official told reporters on condition of anonymity.

“Today’s action makes absolutely clear that we will not tolerate this type of activity by any government or by any government’s proxies.”

– Lamborghini plate read ‘thief’ –

Evil Corp used phishing schemes to insert Dridex, Bugat and other malware files on a victims’ computers, gaining access to identities, passwords, and ultimately bank accounts, from which they then transferred millions of dollars to themselves.

Their tools, which built from an early malware known as Zeus, could also be used to defeat banks’ online computer security systems.

Investigators were aware of Yakubets, 32, already in 2009, after they traced him from his online nickname “aqua.”

According to Britain’s National Crime Agency, which took part in the investigation, he was unabashed about his wealth, spending over a quarter-million pounds (over $330,000) on his wedding.

His customized Lamborghini has a personalized number plate that translates to “thief, according to the NCA.

Yakubets oversaw the Evil Corp network managing the thefts and transfers of money.

– ‘Rarely-seen’ sophistication –

Officials said they ran a constantly evolving, innovative and audacious operation that stayed ahead of investigators, even as some its participants, including two Ukraine based hackers in 2014, were arrested and network nodes shuttered.

In 2015 US and British investigators disabled the Dridex botnet, but “within weeks” Evil Corp adapted it and their infrastructure to resume their thefts.

The group “had a level of sophistication and scope of threat that we rarely see,” said Pittsburgh-based US Attorney Scott Brady.

Victims included a Franciscan Sisters religious order, a Pennsylvania district school board, an oil company and a gun manufacturer.

In the United States, the total stolen in almost a decade was $70 million, while worldwide the known losses top $100 million, officials said.

At least 300 banks hit by the fraudulent thefts are known, but officials say the individuals robbed could number in the thousands worldwide.

Yakubets and Turashev were charged in Pittsburgh and a parallel indictment in Lincoln, Nebraska with multiple counts of conspiracy, computer hacking, wire fraud, and bank fraud.

Both men are believed to be in Russia, and face possible extradition to the United States if they are arrested in other countries.

Written By

AFP 2023

Click to comment

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

Join this webinar to learn best practices that organizations can use to improve both their resilience to new threats and their response times to incidents.


Join this live webinar as we explore the potential security threats that can arise when third parties are granted access to a sensitive data or systems.


Expert Insights

Related Content


Zendesk is informing customers about a data breach that started with an SMS phishing campaign targeting the company’s employees.


Satellite TV giant Dish Network confirmed that a recent outage was the result of a cyberattack and admitted that data was stolen.


The release of OpenAI’s ChatGPT in late 2022 has demonstrated the potential of AI for both good and bad.


The changing nature of what we still generally call ransomware will continue through 2023, driven by three primary conditions.

Application Security

PayPal is alerting roughly 35,000 individuals that their accounts have been targeted in a credential stuffing campaign.


As it evolves, web3 will contain and increase all the security issues of web2 – and perhaps add a few more.


No one combatting cybercrime knows everything, but everyone in the battle has some intelligence to contribute to the larger knowledge base.


A recently disclosed vBulletin vulnerability, which had a zero-day status for roughly two days last week, was exploited in a hacker attack targeting the...