U.S. Targets Russian ‘Evil Corp’ Hacker Group With Sanctions, Indictments
06 Dec 2019

The Trump administration Thursday placed a $5 million bounty on the leader of a Russian hacker group called Evil Corp for his alleged work for Moscow’s intelligence agency, part of what U.S. officials say is a broader reprisal for a Kremlin-directed cyber offensive against the U.S.

The State Department’s action against Maksim Yakubets coincides with Treasury Department sanctions and indictments by the Justice Department and the U.K.’s National Crime Agency against core members of the group, which is accused of orchestrating the theft of more than $100 million from more than 300 banks in the U.S. and dozens of other countries.

The cyber theft, using malware that stole credentials and passwords, isn’t believed to be directed by Russian intelligence, though a senior administration official said the activities couldn’t have been carried out without the knowledge of the Russian government.

But the Treasury Department said Mr. Yakubets was conducting separate work for Russia’s Federal Security Service as of 2017, and was seeking a license to handle classified intelligence with the agency in April of last year.

The State Department bounty is for information that leads to the capture or conviction of Mr. Yakubets.

Brian Benczkowski, head of the Justice Department’s criminal division, said the global hacking schemes Mr. Yakubets is accused of devising are “so audacious and sophisticated that they would be difficult to imagine if they were not real.”

Russia’s ambassador to the U.S., Anatoly Antonov, in a social media post, called the U.S. linking of Evil Corp’s leader to the government “groundless accusations,” with “no proof provided to support the allegations.”

Mr. Antonov said the U.S., instead of negotiating a treaty on cybersecurity, prefers to label Russia a cybercriminal. “Such rhetoric clearly does not help stabilization of bilateral relations,” he said.

The sanctioned Evil Corp-associated individuals couldn’t immediately be reached for comment, including through a nonworking number associated with one of those individuals.

More specifically, U.S. and U.K. authorities said Evil Corp is responsible for developing and distributing the Bugat/Cridex/Dridex malware that burrowed its way into financial institutions’ cybersystems and secured credentials that allowed the hackers access to victims’ funds.

A senior administration official said the case represents “yet another example of the Russian government enlisting the existence of cybercriminals to carry out malign activities.” According to U.S. investigators, much of the interference in the 2016 U.S. election was executed by hackers and other criminal actors contracted by the Russian government.

Given the size of the operation and Mr. Yakubets’s involvement with the intelligence service, “there’s zero chance of the Russian government not being fully aware” of the collective’s activities, the official said. The administration officials said Mr. Yakubets was hired by Russia’s intelligence service in 2017 to acquire confidential documents, but didn’t elaborate on what documents were compromised.

The action against Evil Corp, the officials said, puts the total number of sanctioned Russian agents, companies and Moscow-linked entities at over 300 since the start of the Trump administration.

By Ian Talley and Sadie Gurman, The Wall Street Journal, 5 December 2019
