It’s wartime again, and once again it is a fight of United States v. Russia. As so often in the past, this New Cold War is taking place in cyberspace. The Americans have repeatedly claimed that the Russian state supports and protects cybercrime against Western states and the USA. This is probably also true of Evil Corp and its Russian principals. The gigantic hack of JP Morgan and other financial institutions by the organization of Israeli Gery “Gabi” Shalon was also carried out with the support of the Russian cybercrime scene, in front of the eyes of Russian authorities. The Russian Andrei Tyurin was the technical mastermind behind the hack and could only be arrested when he went on holiday in Georgia in 2018. He was indicted and pleaded guilty.
The Russian Perpetrators
The UK National Crime Agency (NCA) reported that two members of the notorious Russian hacking group Evil Corp have been indicted in the US following an international law enforcement operation.
have been charged in relation to computer hacking and bank fraud schemes that netted the gang hundreds of millions of pounds over the last 10 years. The Evil Corp case has been exposed in a collaboration between the NCA, FBI and National Cyber Security Centre which began in 2014. Dedicated teams in the agencies investigated one of the group’s core malware strains, Dridex, in 2014.
A luxurious life financed with Cybercrime
Yakubets lives a luxurious life in Putin’s Russia. He is also likely to maintain the best relations with the political establishment. Cybercrime against the West is considered heroic behavior in Russia. In this respect, the indictment in the United States is likely to be a kind of accolade for Yakubets.
Yakubets drives a customized Lamborghini supercar with a personalized number plate that translates to ‘Thief’. He allegedly spent a few hundred thousand dollars on his wedding. Additionally, he is now subject to a $5 million US State Department reward – the largest ever reward offered for a cybercriminal.
The Evil Corp
The FBI estimates that, since at least 2011, Evil Corp’s malware (also known as Bugat, Dridex and Cridex) has resulted in losses of $100 million or more across hundreds of banks. Apparently, Evil Corp ran a sort of franchise business. Online magazine Wired reported that Yakubets gave a UK resident access to the malware in exchange for $100,000 upfront, plus 50 percent of all revenues, with a minimum take of $50,000 a week. Evil Corp, of course, provided the technical support as needed.
The UK National Crime Agency (NCA) described Evil Corp as “the world’s most harmful cybercrime group” due to the sophistication of the hacks and the global scale of their operation. According to US Treasury officials, Evil Corp is “one of the biggest hacking groups ever”. The authority announced a $5m bounty for information leading to the capture of Yakubets.
“The significance of this group of cybercriminals is hard to overstate; they have been responsible for campaigns targeting our financial structures with multiple strains of malware over the last decade,” said Lynne Owens, director general of the NCA.
“Maksim Yakubets allegedly has engaged in a decade-long cybercrime spree that deployed two of the most damaging pieces of financial malware ever used and resulted in tens of millions of dollars of losses to victims worldwide.” – Assistant Attorney General Benczkowski (Source: U.S. DOJ press release)
According to the NCA, the full cost is unlikely ever to be known, but the impact on the UK alone is assessed to run into the hundreds of millions. It is the NCA’s assessment that Maksim Yakubets and Evil Corp – the cybercrime group he controls – represent the most significant cybercrime threat to the UK.
“If Yakubets, who used the online moniker ‘Aqua’, ever leaves the safety of Russia he will be arrested and extradited to the US. The work carried out by the NCA and its partners means he has now been exposed to the world and will be subject to significant international scrutiny. It also restricts his ability to operate with other criminals who will find him toxic to deal with.” – National Crime Agency (Source: NCA website)
For now, Yakubets remains at large, and presumably still active. The DOJ recorded Evil Corp attacks as recently as March 19, 2019.
The New Cold War
“This is not a victimless crime, those losses were once people’s life savings, now emptied from their bank accounts … This is not the end of our investigation, and we will continue to work closely with international partners to present a united front against criminality that threatens our prosperity and security.” – Rob Jones, NCA Director of Cyber Crime Unit (Source: U.S. DOJ press release)
According to the FBI, Yakubets has also provided direct assistance to the Russian government. As of 2017, Yakubets was working for the Russian secret service FSB, one of Russia’s leading intelligence organizations.
It is a fact that the Cold War between the United States and its allies and the Russians and their allies has shifted to cyberspace. The difference between an evil and a good cyber warrior lies in the nationality and perspective of the respective opponent. It seems, however, that in this cold war the Russians have the more aggressive strategy, the more brutal warriors and the more attractive targets.