Feds take action against Russian hacking group accused of $100 million cybercrime spree
The Treasury Department on Thursday sanctioned a Russian hacking group called Evil Corp, which used malware to infect computers and collect login credentials from hundreds of financial institutions worldwide, stealing more than $100 million.
The action by the Treasury Department targeting Evil Corp was taken in conjunction with the Justice Department, which charged two Russians who are leading figures in the cyber organization, Maksim Yakubets and Igor Turashev, for their roles in the malware campaigns.
“This coordinated action is intended to disrupt the massive phishing campaigns orchestrated by this Russian-based hacker group,” Treasury Secretary Steve Mnuchin said in a statement, calling Evil Corp “one of the world’s most prolific cybercriminal organizations.”
Based in Russia, Evil Corp is behind the development and deployment of the Dridex malware, which was spread through phishing campaigns and used to automate the theft of personal and financial information. Once computers were infected, Evil Corp used the online banking credentials to take money from victims’ bank accounts, which it then transferred to its own overseas accounts, according to the Treasury Department.
As of 2016, the Russian hacking group had harvested banking credentials from customers of roughly 300 financial institutions in more than 40 countries.
The Treasury Department described Evil Corp as a “business group run by a group of individuals based in Moscow, Russia, who have years of experience and well-developed, trusted relationships with each other.”
Yakubets, who has ties to Russia’s Federal Security Service, served as the leader of Evil Corp and oversaw the group’s hacking activities, according to the Treasury Department. In addition to the indictment unsealed against him, the State Department has also issued a $5 million reward for information leading to his arrest.
Turashev, meanwhile, had control over the Dridex malware as of 2015 and helped exploit Evil Corp’s victims’ networks, Treasury said.
The two were charged with conspiracy, computer hacking, wire fraud, and bank fraud in connection with the distribution of Dridex.
Evil Corp’s hacking scheme targeted a wide range of entities, including the Sharon City School District in Pennsylvania. After installing malware on the computer used by the school district, hackers unsuccessfully attempted to transfer nearly $1 million from the district’s account to their own coffers.
Malware was also installed on a computer used by Penneco Oil Company, and hackers allegedly stole millions from the Pennsylvania-based company.
The group allegedly targeted firearms manufacturer Remington and 84 Lumber, as well as other Pennsylvania companies, with the most recent theft occurring in March, the Justice Department said.
The action stems from a multiyear effort with NATO allies, the goal of which “is to shut down Evil Corp, deter the distribution of Dridex, target the ‘money mule’ network used to transfer stolen funds, and ultimately to protect our citizens from the group’s criminal activities,” Mnuchin said.