Federal authorities have indicted two Russian cybercriminals who allegedly lead a shadowy organization called "Evil Corp" that has stolen more than $100 million using a powerful malware that has spread to more than 40 countries.
According to Reuters, prosecutors indicted Maksim Yakubets, the organization's Lamborghini-driving alleged ringleader, while ordering asset freezes against 17 of his associates. An indictment was also filed against Yakubets's alleged No. 2, Igor Turashev. Both men are believed to be alive and living in Russia, beyond the reach of American authorities, who have tried to apprehend Yakubets at least once before. Authorities said they've already arrested 8 other alleged members of the group.
Back in 2015, prosecutors made another attempt to stop Evil Corp, eventually indicting Yakubets and Turashev. But the two remained at large, and their software quickly went right back to stealing.
Which seems funny to us, because judging by his wanted photos, Yakubets looks like a spindly teenager. He doesn't exactly have 'criminal mastermind' vibes. More like "mom still does my laundry..."
Not exactly the look of a man who would drive a Lamborghini with the word 'thief' (in Russian) displayed on his license plate through the streets of Moscow, as Reuters alleges.
British authorities described the 32-year-old Yakubets as a supercar-lover who customized his Lamborghini license plate to read “Thief” in Russian and ran his operation from the basements of Moscow cafes.
A "true 21st century criminal" they called him...
"Yakubets is a true 21st century criminal," U.S. Assistant Attorney General Brian Benczkowski said. "He's earned his place on the FBI’s list of the world’s most wanted cyber criminals."
If Evil Corp's leaders seem harmless by appearance, the description of their crimes might change somebody's mind: their malware 'Dridex' has helped them steal more than $70 million in the US alone.
Evil Corp is alleged to be behind an ever-evolving family of malicious software known as Dridex, which has bedeviled banks and businesses since it first appeared in 2011. The malware works by hacking into banks and businesses and making rogue financial transfers that are eventually funneled back to the hackers.
Dridex targeted smaller businesses and organizations that lacked the sophisticated cyberdefenses of larger organizations, US officials said.
Though the indictments only mentioned incidents in Nebraska and Pennsylvania, victims spanned the United States - including a dairy company in Ohio, a luggage company in New Mexico and a religious order in Nebraska, FBI Deputy Director David Bowdich told a news conference.
Losses totaled $70 million in the United States alone, officials said.
The malware was spread via email with so-called "phishing" campaigns, which encouraged victims to click on malicious web links, and Evil Corp chiefly targeted companies in the US and UK.
The director general of the British agency, Lynne Owens, said that Yakubets and Evil Corp "represent the most significant cyber crime threat to the U.K.," a sentiment endorsed by John Shier, an expert at U.K.-based cybersecurity company Sophos.
"I’d put them in the top tier," he said of the group’s operators.
And let's not forget their alleged links to the Russian state (because Putin is the capo di tutti capi).
Underlining alleged links between cybercriminals and the Russian state, U.S. Treasury officials said Yakubets worked on the side for Russia’s Federal Security Service (FSB), its domestic intelligence agency, and stole classified material on Moscow’s behalf. One senior U.S. Treasury official said that, last year, he had even applied to the FSB for a license to handle secret documents.
Echoing the Mueller probe indictments of more than a dozen intelligence agents who allegedly participated in the 'plot' to rig the election, analysts doubted that Yakubets would ever see justice.
"What are the chances this guy is going to face trial in the United States?" he said. "Probably next to zero."
The indictments stemmed from an international investigation involving the FBI, as well as the UK's National Crime Agency. In a Twitter thread about the indictments, the NCA alleged that Yakubets paid more than a quarter of a million pounds for his wedding and that other members of the group were living 'lavish' lifestyles, and that the group was responsible for stealing "hundreds of millions of pounds" in the UK.
"An international law enforcement operation has exposed the world’s most harmful cyber crime group, Evil Corp. Maksim Yakubets has been indicted in the United States following unprecedented collaboration between the NCA, @FBI, @NCSC & @TheJusticeDept. https://t.co/YFXDuk8PpO" - National Crime Agency (NCA) (@NCA_UK), December 5, 2019
"Evil Corp created and deployed malware causing financial losses totalling hundreds of millions of pounds in the UK alone. The NCA began working with multiple partners to investigate one of the group’s core malware strains, Dridex, in 2014." - National Crime Agency (NCA) (@NCA_UK), December 5, 2019
"Dridex has been targeting UK victims since at least 2014, compromising and stealing from large organisations, SMEs and the general public. Our officers developed intelligence and identified evidential material over several years to support the US indictments." - National Crime Agency (NCA) (@NCA_UK), December 5, 2019
"Yakubets drives a customised Lamborghini supercar with a personalised number plate that translates to ‘Thief’ & spent over a quarter of a million pounds on his wedding. He is now subject to a $5 million US State Department reward – the largest ever reward for a cyber criminal." - National Crime Agency (NCA) (@NCA_UK), December 5, 2019
"Members of Evil Corp are living a lavish lifestyle, funded by the life savings of their victims. If Maksim Yakubets, who used the online identity of ‘Aqua’, ever leaves the safety of Russia he will be arrested and extradited to the US." - National Crime Agency (NCA) (@NCA_UK), December 5, 2019
Yakubets was charged in two separate cases (one in Pennsylvania and the other in Nebraska) for distributing malware that stole unsuspecting victims’ passwords and other personal information, then rerouted wire transfers to foreign banks and into accounts controlled by his "money mules." Before they realized what was happening, unsuspecting marks could be down tens of thousands of dollars. Meanwhile, Turashev is being charged for playing an administrative-type role in the organization.