Phishing thieves or yet another phantom menace? US goes after ‘Russian-based Evil Corp’

Hackers known as ‘Evil Corp’ have been charged and sanctioned by the US for allegedly stealing over $100 million via phishing and malware attacks and being Kremlin spies – though Russia helped US authorities in going after them.

The US Department of Justice unsealed the indictments against Russian nationals Maksim Yakubets and Igor Turashev on Thursday, accusing them of international computer hacking and bank fraud schemes dating back to 2009. A $5 million bounty was offered for the arrest of Yakubets, the largest such reward for a cyber crime case ever.

Yakubets and Turashev have “led one of the most sophisticated transnational cybercrime syndicates in the world” for over a decade, said US Attorney for the Western District of Pennsylvania, Scott Brady. He accused the duo of being behind the malware known first as Bugat, then Cridex and Dridex, used “across the globe in one of the most widespread malware campaigns we have ever encountered.”

After the indictment was revealed, the US Treasury Department invoked the CAATSA sanctions bill to blacklist Yakubets, Turashev and 15 other people, along with seven companies – including ‘Evil Corp’, a designation that does not appear in the DOJ statements but nevertheless somehow became the widely used name for the alleged crime syndicate in the US press.

Treasury Secretary Steven Mnuchin went so far as to call the organization a “Russian-based hacker group,” and accuse Yakubets and his associates of working for the Russian intelligence agency FSB, “highlighting the Russian government’s enlistment of cybercriminals for its own malicious purposes.”

Not surprisingly, the indictments and sanctions are “part of a multiyear effort with key NATO allies, including the United Kingdom,” Mnuchin revealed. The UK National Crime Agency (NCA) has been involved with the case.

While the US Treasury argued that Yakubets and ‘Evil Corp’ were Russian government spies, the DOJ made no such claim, and even noted that the US authorities were “assisted” by Russian law enforcement, among others.

Accusations that the alleged hackers have ties to the Russian government are “baseless,” Russian Ambassador to the US Anatoly Antonov said on Thursday.

Even though the DOJ was careful to note that the indictment contains mere accusations that still need to be proven in court, the Treasury has made no such distinction – and neither have the media.

Questionable claims about Kremlin ties aside, if Treasury and DOJ allegations about the malware itself are true, it appears to be serious business. Bugat/Cridex/Dridex is said to infect computers and harvests banking login credentials, enabling the people behind it to steal over $100 million over the past decade, mainly from the US and UK corporations. Later versions also installed ransomware, extorting payments from victims in order to unlock access to their data.

Think your friends would be interested? Share this story!