US authorities on Thursday took aim at Russian cybercriminal group Evil Corp, indicting its Lamborghini-driving alleged leader and ordering asset freezes against 17 associates over a digital crime spree that netted more than $100 million from companies across the world.
The action against Evil Corp, described by officials as one of the most damaging criminal organisations on the internet, comes with a $5 million bounty for information leading to the arrest of its alleged leader, Maksim Yakubets.
British authorities describe the 32-year-old Yakubets as a supercar-lover who customised his Lamborghini license plate to read “Thief” in Russian and ran his operation from the basements of Moscow cafes.
“Yakubets is a true 21st century criminal,” US Assistant Attorney General Brian Benczkowski said. “He’s earned his place on the FBI’s list of the world’s most wanted cyber criminals.”
Evil Corp is alleged to be behind Dridex, the ever-evolving family of malicious software that has bedevilled banks and businesses since first appearing in 2011. The malware hacks into banks and businesses, making rogue financial transfers that are eventually funnelled back to the hackers. It has branched out into ransomware.
Underlining alleged links between cybercriminals and the Russian state, US Treasury officials said Yakubets worked on the side for Russia’s Federal Security Service (FSB), its domestic intelligence agency, and stole classified material on Moscow’s behalf. A senior US Treasury official said he applied to the FSB for a license to handle secret documents.
The FBI said the Russian government was “helpful to a point” in their request to track the hackers down. US officials declined to comment on whether either of the men had links to the Russian government. The FSB did not immediately reply to a Reuters request for comment sent after hours in Russia.
Dridex targeted smaller businesses and organisations that lacked sophisticated cyber-defences, US officials said.
Although the indictments only mentioned incidents in Nebraska and Pennsylvania, victims spanned the United States – including a dairy company in Ohio, a luggage company in New Mexico and a religious order in Nebraska, FBI Deputy Director David Bowdich told a news conference.
Losses totalled $70 million in the United States alone.
The crackdown straddled the world of cybercrime and intelligence. The US Treasury and Justice Departments worked in co-ordination with Britain’s National Crime Agency, which published photographs and video of the hacker’s lavish, devil-may-care lifestyle featuring pictures of his camouflaged car streaked with fluorescent yellow.
The director general of the British agency, Lynne Owens, said Yakubets and Evil Corp “represent the most significant cyber-crime threat to the UK,” a sentiment endorsed by John Shier, an expert at UK-based cybersecurity company Sophos.
“I’d put them in the top tier,” he said of the group’s operators.
American and British companies were targets of choice, according to US Treasury officials. They said France, Italy, the United Arab Emirates, India and Malaysia were also affected.
In addition to Yakubets, his close associate Igor Turashev (38) was also indicted in the United States for allegedly serving as the group’s technical administrator. UK authorities arrested and convicted eight other members of the network.
This is at least the second major effort by American authorities and allies to bring down Evil Corp – whose eye-catching name appears to be more nickname than formal company. A 2015 indictment charged Yakubets and Turashev with fraud and hacking crimes, but they were never arrested and – following a brief disruption – Dridex went back to stealing money.
Shier said Thursday’s attempt appeared to be more robust – but he doubted Yakubets would ever see justice.
“What are the chances this guy is going to face trial in the United States?” he said. “Next to zero.”
Officials describe the charges as an important step that strips the hackers of anonymity and makes it difficult for them to travel internationally.
Benczkowski, head of the US Justice Department’s Criminal Division, said the group was carrying out crimes as recently as May. “It is fair to say they are not out of business at this point,” he said. “But that is our ultimate goal.”