The US DoJ charged two Russian citizens with deploying the Dridex malware and with involvement in international bank fraud and computer hacking schemes.
The U.S. Department of Justice (DoJ) has charged Russian citizens Maksim V.
The 10-count indictment charged Yakubets and Turashev with conspiracy, computer hacking, wire fraud, and bank fraud.
The 10-count indictment, unsealed today, concerns the distribution of the malware they used to automate the theft of sensitive financial and personal information such as banking credentials, as well as the infection of their victims with ransomware in more recent attacks.
The
The malware implements sophisticated evasion techniques. It was improved with new functionality, and its name was changed first to “Cridex” and later to “Dridex.”
“According to the indictment,
According to the indictment, the criminal duo used the stolen banking credentials to make unauthorized transfers from the victims’ bank accounts to bank accounts owned by “money mules.” The criminals then moved the money to other accounts, or withdrew the funds and transported them overseas as smuggled bulk cash.
“For over a decade, Maksim Yakubets and Igor Turashev led one of the most sophisticated transnational cybercrime syndicates in the world,” said U.S. Attorney Brady. “Deploying ‘Bugat’ malware, also known as ‘Cridex’ and ‘Dridex,’ these
Yakubets is considered the leader of the gang behind the Bugat malware and
“Evil Corp has used the Dridex malware to infect computers and harvest login credentials from hundreds of banks and financial institutions in over 40 countries, causing more than $100 million in theft,” the U.S.
The U.S. Department of State’s Transnational Organized Crime (TOC) is offering a reward of up to $5 million as part of its Rewards Program for information that could lead to the arrest of Yakubets.
According to the DoJ, Yakubets is also suspected of providing “direct assistance to the Russian FSB intelligence agency.”
“As of April 2018, Yakubets was in the process of obtaining a license to work with Russian classified information from the FSB. As a result, Yakubets is also being designated pursuant to E.O. 13694, as amended, for providing material assistance to the FSB. Additionally, as of 2017, Yakubets was tasked to work on projects for the Russian state, to include acquiring confidential documents through cyber-enabled means and conducting cyber-enabled operations on its behalf,” continues the U.S. Treasury Department.
Prior to working with his accomplices in Evil Corp, Yakubets also collaborated with Evgeniy Bogachev, another popular Russian
According to the complaint, the deployment of the Zeus malware resulted overall in the attempted theft of an estimated $220 million USD, with actual losses of an estimated $70 million USD from victims’ bank accounts.
The Treasury Department also sanctioned other cyber criminals linked to the Evil Corp
- Denis Gusev, a senior member of Evil Corp, is also being designated today for his active role in furthering Evil Corp’s activities. Gusev also serves as the General Director for six Russia-based businesses. These entities include Biznes-Stolitsa, OOO, Optima, OOO, -Invest, OOO, TSAO, OOO, Vertikal, OOO, and Yunikom, OOO.
- Dmitriy Smirnov, Artem Yakubets, Ivan Tuchkov, Andrey Plotnitskiy, Dmitriy Slobodskoy, and Kirill Slobodskoy for carrying out critical logistical, technical, and financial functions such as managing the Dridex malware, supervising the operators seeking to target new victims, and laundering the proceeds derived from the group’s activities.
- Aleksei Bashlikov, Ruslan Zamulko, David Guberman, Carlos Alvares, Georgios Manidis, Tatiana Shevchuk, Azamat Safarov, and Gulsara Burkhonova for being part of the network of money mules who are involved in transferring stolen funds obtained from victims’ bank accounts to accounts controlled by members of Evil Corp.
(SecurityAffairs – Evil Corp, Dridex)