Evil Corp hackers indicted for running Dridex malware campaigns

A collaboration between the National Crime Agency, the National Cyber Security Centre, and the FBI has culminated in the indictment of two Russian hackers, Maksim Yakubets and Igor Turashev, who ran "the world’s most harmful cyber crime group", called Evil Corp.

As a result of painstaking investigations carried out by the three agencies from the UK and the United States, a U.S. court recently indicted 32-year-old Maksim Yakubets and 38-year-old Igor Turashev for carrying out Dridex and Zeus financial malware campaigns through Evil Corp that cost UK and US organisations hundreds of millions of pounds in financial losses.

While Yakubets ran the hacker group Evil Corp from the basements of Moscow cafes, employing dozens of hackers to launch malware attacks on organisations based all over the world, Turashev acted as Yakubets’ administrator and controlled the Dridex malware campaign.

"Yakubets, who drives a customised Lamborghini supercar with a personalised number plate that translates to ‘Thief’ and spent over a quarter of a million pounds on his wedding, is now subject to a $5 million US State Department reward – the largest ever reward offered for a cyber criminal.

"Fellow Russian Igor Turashev, aged 38, who is Yakubets’ administrator and controls the Dridex malware, has also been indicted for cyber crime offences," said the NCA in a press release.

Yakubets' indictment a massive win for the NCA and the NCSC

The agency said that Evil Corp is "the world’s most harmful cyber crime group" and malware strains developed and distributed by the hacker group "have been considered among the world’s most prominent cyber threats, responsible for enabling fraud, stealing data, and theft from businesses and individuals."

It added that Yakubets used multiple online identities, primarily that of "Aqua", to run criminal campaigns aimed at targeting individuals and organisations with financial malware such as Dridex and Zeus, stealing private and personal data from infected systems, exploiting such data to steal money, and laundering the money back to himself and his associates.

Through these malware campaigns that were first launched in May 2009 and continued to remain active, Yakubets stole millions of pounds directly from UK individuals and organisations and ran elaborate money laundering operations to fund his lavish lifestyle.

Aside from ensuring that Yakubets and his associates are indicted and ultimately made to face justice for their crimes, the NCA also succeeded in ensuring the arrest of Andrey Ghinkul, a Dridex distributor, in 2015 and in taking down a network of money launderers in the UK who funnelled profits back to Evil Corp. The eight money launderers arrested by the NCA have been sentenced to a total of over 40 years in prison.

Evil Corp represented the most significant cyber crime threat to the UK, says NCA boss

"It is our assessment that Maksim Yakubets and Evil Corp – the cyber crime group he controls – represent the most significant cyber crime threat to the UK," said Lynne Owens, Director General of the NCA.

"The significance of this group of cyber criminals is hard to overstate; they have been responsible for campaigns targeting our financial structures with multiple strains of malware over the last decade. We are unlikely to ever know the full cost, but the impact on the UK alone is assessed to run into the hundreds of millions.

"While the harm caused by this group has targeted mainly financial institutions, there is no doubt that their activity has had real world impacts, defrauding and stealing from victims in the UK and worldwide. The Lamborghini Yakubets drives was someone’s life savings, now emptied from their bank account.

"These indictments demonstrate that our world-leading law enforcement, in unparalleled cooperation with our US allies, is tirelessly committed to cracking down on cyber criminality – pursuing legal action and targeting their finances no matter where criminals are based," Owens added.

Commenting on the indictment of Yakubets and his associate Turashev, Paul Chichester, NCSC Director Operations, said that Dridex has been targeting UK victims since at least 2014, compromising and stealing from large organisations, SMEs and the general public, and that the indictment is the result of a multi-year investigation with our law enforcement and international partners.

"Malware is a continuing cyber threat but we can all reduce our risk of becoming victims to cyber criminals by ensuring our devices are patched, anti-virus is turned on and up to date and files are backed up," he added.
