US$5 million reward offered for ‘Evil Corp’ hacker Maksim Yakubets, who has Russian spy links
- Lamborghini-driving Moscow criminal and partner Igor Turashev indicted over US$100 million international cybertheft spree
- Group inserted Dridex, Bugat and other malware on a victims’ computers, gaining access to identities, passwords and bank accounts
A Lamborghini-driving Moscow hacker who called his operation Evil Corp and has ties to the FSB Russian intelligence service was indicted by US authorities on Thursday for the cybertheft of tens of millions of dollars.
An indictment unsealed in Pittsburgh named Maksim Yakubets and his Evil Corp partner Igor Turashev as the main figures in a group which inserted malware on computers in dozens of countries to steal more than US$100 million from companies and local authorities.
The indictment was accompanied by sanctions from the US Treasury on the two men, as well as the announcement of a US$5 million reward toward Yakubets’ arrest and conviction – the highest reward ever offered for a cybercriminal.
“Maksim Yakubets allegedly has engaged in a decade-long cybercrime spree that deployed two of the most damaging pieces of financial malware ever used and resulted in tens of millions of dollars of losses to victims worldwide,” said US Assistant Attorney General Brian Benczkowski.
The Treasury said Yakubets specifically worked for the FSB intelligence agency “as of 2017” and was “tasked to work on projects for the Russian state”.
“Evil Corp and their Dridex software serves as yet another example of the Russian government enlisting the assistance of cybercriminals to carry out malign activities,” a Treasury official told reporters on condition of anonymity.
“Today’s action makes absolutely clear that we will not tolerate this type of activity by any government or by any government’s proxies.”
Evil Corp used phishing schemes to insert Dridex, Bugat and other malware files on victims’ computers, gaining access to identities, passwords, and ultimately bank accounts, from which they then transferred millions of dollars to themselves.
US sanctions North Korean hackers behind WannaCry, Sony cyberattacks
Their tools, built from an early malware known as Zeus, could also be used to defeat banks’ online computer security systems.
Investigators were already aware of Yakubets, 32, in 2009, after they traced him from his online nickname “aqua”.
According to Britain’s National Crime Agency, which took part in the investigation, he was unabashed about his wealth, spending over £250,000 (US$330,000) on his wedding.
His customised Lamborghini has a personalised number plate that translates to “thief”, according to the NCA.
Yakubets oversaw the Evil Corp network managing the thefts and transfers of money.
Officials said they ran a constantly evolving, innovative and audacious operation that stayed ahead of investigators, even as some its participants, including two Ukraine based hackers in 2014, were arrested and network nodes shuttered.
In 2015 US and British investigators disabled the Dridex botnet, but “within weeks” Evil Corp adapted it and their infrastructure to resume their thefts.
The group “had a level of sophistication and scope of threat that we rarely see”, said Pittsburgh-based US lawyer Scott Brady.
Chinese hackers broke into Asian telecoms networks to spy on Uygurs: sources
Victims included a Franciscan Sisters religious order, a Pennsylvania district school board, an oil company and a gun manufacturer.
In the United States, the total stolen in almost a decade was US$70 million, while worldwide the known losses top US$100 million, officials said.
At least 300 banks hit by the fraudulent thefts are known, but officials say the individuals robbed could number in the thousands worldwide.
Yakubets and Turashev were charged in Pittsburgh and a parallel indictment in Lincoln, Nebraska with multiple counts of conspiracy, computer hacking, wire fraud and bank fraud.
Both men are believed to be in Russia, and face possible extradition to the United States if they are arrested in other countries.