Enjoying ad-free content?
Since July 1, 2024, we have disabled all ads to improve your reading experience.
This commitment costs us $10,000 a month. Your support can help us fill the gap.
Support us
Our journalism is banned in Russia. We need your help to keep providing you with the truth.

U.S. Sanctions Russian Cybercrime Outfit 'Evil Corp'

The U.S. government is offering a $5 million reward for the capture of Evil Corp's leader.

The U.S. government said Evil Corp was behind $100 million of stolen funds. Christopher Schirner / Flickr (CC BY-SA 2.0)

The U.S. Treasury Department said it would sanction a Russian group known as “Evil Corp” and its leaders for cyber-thefts at hundreds of financial institutions around the world that total more than $100 million.

The targets include the group’s leader, identified as Maksim Yakubets. The U.S. said he also worked for the Russian Federal Security Service, an intelligence agency known as the FSB that’s already under U.S. sanctions, and was directed to work on projects for the Russian state as of 2017.

The sanctions were accompanied by indictments of Yakubets filed in federal court in Nebraska and Pennsylvania, charging him with conspiracy and fraud involving Bank of America and regional U.S. lenders. He is at large, and the State Department offered a $5 million reward for information leading to his capture.

Yakubets “is not the first cybercriminal to be tied to the Russian government,” the Treasury Department said in a statement, citing the 2017 indictment of two FSB officers and conspirators for compromising “millions” of Yahoo email accounts. “The United States Government will not tolerate this type of activity by another government or its proxies and will continue to hold all responsible parties accountable.”

Another top Evil Corp leader, Igor Turashev, was also sanctioned and indicted.

“For over a decade, Maksim Yakubets and Igor Turashev led one of the most sophisticated transnational cyber-crime syndicates in the world,” U.S. Attorney Scott Brady said in a statement.

Evil Corp has used malware called Dridex to harvest log-in credentials from banks and financial institutions in more than 40 countries, the Treasury Department said. Prosecutors said in the Nebraska indictment that the malware affected thousands of computers.

“Our goal is to shut down Evil Corp, deter the distribution of Dridex, target the ‘money mule’ network used to transfer stolen funds, and ultimately to protect our citizens from the group’s criminal activities,” Treasury Secretary Steven Mnuchin said in the statement.

Senior Treasury officials said the U.S. action was coordinated with a crackdown on Evil Corp and Dridex by the U.K., and also in cooperation with countries and places targeted by the group including Italy, Australia, the United Arab Emirates, Canada, France, India, Hong Kong and Malaysia.

Dridex, also known as Bugat and Cridex, often reaches victims through phishing emails. It is “a multifunction malware package that automates the theft of confidential personal and financial information, such as online banking credentials, from infected computers through the use of keystroke logging and web injects,” according to the indictment.

In October of 2015, U.S. prosecutors indicted Moldovan national Andrey Ghinkul for cyber-attacks using Dridex, which Justice called “a sophisticated malware package designed to steal banking and other credentials from infected computers.”

Dridex can be used by hackers as a tool for compromising credentials and gaining access to financial information. It is “one of the most prevalent eCrime malware families,” according to a July report by the cybersecurity firm Crowdstrike, which said that Dridex was used significantly in 2015 and 2016.

… we have a small favor to ask. As you may have heard, The Moscow Times, an independent news source for over 30 years, has been unjustly branded as a "foreign agent" by the Russian government. This blatant attempt to silence our voice is a direct assault on the integrity of journalism and the values we hold dear.

We, the journalists of The Moscow Times, refuse to be silenced. Our commitment to providing accurate and unbiased reporting on Russia remains unshaken. But we need your help to continue our critical mission.

Your support, no matter how small, makes a world of difference. If you can, please support us monthly starting from just $2. It's quick to set up, and you can be confident that you're making a significant impact every month by supporting open, independent journalism. Thank you.

paiment methods
Not ready to support today?
Remind me later.

Read more