Russian ‘Evil Corp’ is Behind a Decade of Hacks, US Says

December 6, 2019, by Josh Wingrove, Chris Strohm and Alyza Sebenius

WASHINGTON — The U.S. unveiled criminal charges and sanctions against members of a hacking group that calls itself Evil Corp, which authorities blame for some of the worst computer hacking and bank fraud schemes of the past decade.

The Justice Department, working mainly with the Treasury Department and British authorities, brought conspiracy and fraud charges against members of the group. It said the group “has been engaged in cybercrime on an almost unimaginable scale,” using malware to steal tens of millions of dollars from customers doing online banking. Treasury said it would sanction the group and its leaders for cyber thefts committed at hundreds of financial institutions around the world.

The group’s alleged leader, identified as Maksim Yakubets, also worked for the Russian Federal Security Service intelligence agency, according to the Treasury Department. Yakubets was directed to work on projects for the Russian state starting in 2017, it said. The Russian ambassador to the U.S., Anatoly Antonov, called the accusation “groundless.”

The almost comically named outfit is “the world’s most harmful cyber crime group,” the U.K.’s National Crime Agency said in a statement, adding that its malware had caused hundreds of millions of pounds in financial losses in the U.K. alone. Its alleged leaders hardly kept a low profile, the NCA said. Yakubets drove a Lamborghini with a license plate that translates to “Thief” and spent more than a quarter of a million pounds on his wedding.

The U.S. charged Yakubets in Nebraska and Pennsylvania, while bringing charges against an alleged co-conspirator, Igor Turashev, in Pennsylvania. The two are believed to be in Russia, according to the Federal Bureau of Investigation. The U.S. is offering a $5 million reward for information leading to Yakubets’ arrest or conviction, the State Department said.

The group used a kind of malware called Dridex to harvest log-in credentials for financial institutions in more than 40 countries, according to the Treasury Department. Dridex, also known as Bugat and Cridex, often reaches victims through phishing emails. It “automates the theft of confidential personal and financial information, such as online banking credentials, from infected computers through the use of keystroke logging and web injects,” the U.S. said.

Using the malware, the group attempted a theft of about $220 million, with actual losses of about $70 million, according to the Justice Department. Victims of the scam include Penneco Oil Co., which had about $3.5 million taken from its accounts at First Commonwealth Bank in Pennsylvania in two transactions, and a host of small businesses and organizations, according to the government. The group allegedly hacked an order of nuns, the Franciscan Sisters of Chicago, using its credentials to make off with more than $24,000 from its account at Bank of America Corp. A Bank of America spokesman declined to comment.

Over the past two years, the distribution of banking malware has increasingly preceded “more damaging intrusions,” including the distribution of disruptive ransomware, according to Kimberly Goody, a manager of financial crime analysis at the cybersecurity firm FireEye Inc.

“The association between the claimed leader of this operation and the FSB is consistent with ties that we have previously seen between state-sponsored actors and criminal groups,” she said in a statement, referring to Russia’s Federal Security Service.

Dridex hackers “appear to direct the majority of attacks at English-speaking countries,” the U.S. Department of Homeland Security’s Cybersecurity and Infrastructure Security Agency said in an alert. The “massive spam campaigns” that distribute Dridex send “up to millions of messages per day,” the alert said.

“Our goal is to shut down Evil Corp, deter the distribution of Dridex, target the ‘money mule’ network used to transfer stolen funds, and ultimately to protect our citizens from the group’s criminal activities,” Treasury Secretary Steven Mnuchin said in a statement.

Yakubets “is not the first cyber criminal to be tied to the Russian government,” Treasury said in a statement, citing the 2017 indictment of two FSB officers and conspirators for compromising “millions” of Yahoo Holdings Inc. email accounts. An alleged co-conspirator in the Nebraska complaint unsealed Thursday, Yevgeny Bogachev, was sanctioned by the U.S. in 2016 and has been on the FBI’s most-wanted list.

Treasury officials said the U.S. action was coordinated not only with the U.K. but also with others targeted by the group, including Italy, Australia, the United Arab Emirates, Canada, France, India, Hong Kong and Malaysia.

Law enforcement has been after the group for several years. Two Ukrainian nationals were extradited from the U.K. to the U.S. and pleaded guilty to related charges in Nebraska in 2015, the Justice Department said. In October of that year, U.S. prosecutors also indicted Moldovan national Andrey Ghinkul for cyberattacks using Dridex.

Dridex is “one of the most prevalent eCrime malware families,” according to a July report by the cybersecurity firm Crowdstrike, which said it was used significantly in 2015 and 2016.

FBI Deputy Director David Bowdich said Evil Corp and other cyber criminals are still operating, and that one reason the U.S. brought the charges forward now was to raise awareness about future attacks.

“It is fair to say they are not out of business at this point,” he said.

———

David Voreacos, Lananh Nguyen and Alex Nicholson contributed to this report.

———

©2019 Bloomberg News

Visit Bloomberg News at www.bloomberg.com

Distributed by Tribune Content Agency, LLC.
