The U.S. Treasury Department building is seen in Washington, DC, on July 22, 2019. The Treasury and Justice departments announced Thursday action against a Russian hacking group known as Evil Corp. Alastair Pike / AFP via Getty Images hide caption
Alastair Pike / AFP via Getty Images
The U.S. Treasury Department building is seen in Washington, DC, on July 22, 2019. The Treasury and Justice departments announced Thursday action against a Russian hacking group known as Evil Corp.
Alastair Pike / AFP via Getty Images
Updated at 12: 25 PM ET
Federal law enforcement officials have announced criminal charges and sanctions against Russian nationals who operate a hacking organization known as Evil Corp., a group officials say is responsible for one of the most sweeping banking fraud schemes in the past decade.
Officials say Evil Corp. developed and distributed a type of malware that infected computers around the world and harvested banking credentials in order to steal some $ 100 million.
According to officials with the Justice and Treasury departments, the malware software was known as Dridex, which automated the theft of confidential information from banking customers after someone clicks on a phishing emails.
Investigators believe that the Russian government may have been complicit in the criminal enterprise.
“It’s simply inconceivable that an organization like this can steal that amount of money from that money places using a distributive malware like Dridex without the Russian government being well-aware of those activities, “a senior Treasury officials said.
Treasury Secretary Steven Mnuchin described the group as “one of the world’s most prolific cybercriminal organizations.
He continued : “Our goal is to shut down Evil Corp, deter the distribution of Dridex, target the ‘money mule’ network used to transfer stolen funds, and ultimately to protect our citizens from the group’s criminal activities.”
Trump officials say the leader of Evil Corp is an individual named Maksim Yakubets, and the State Department is offering $ 5 million for information that leads to his arrest.
Yakubets is alleged to have committed separate cyber crimes on behalf of the Russian government, working for Russia’s Federal Security Service (FSB), officials say. Last April, he was in the process of getting a license to work with classified information on behalf of the Russian government, according to authorities.
“Evil Corp and their Dridex software serves as yet another example of t he Russian government enlisting the assistance of cyber criminals to carry out malign activities, “a senior Treasury official said.
The criminal indictmentswere unsealedin Pittsburgh, Pa., and Lincoln, Nebraska, against Yakubets, 32, and Igor Turashev, 38, both Russian nationals, accusing them of bank and wire fraud and computer hacking , among other counts.
Investigators say the two targeted victims in some 21 municipalities in one of the most widespread malware campaigns US authorities have ever encountered.
The group infiltrated banks and non-profits from California to Maine. Among the victims, authorities say, were a luggage business in New Mexico, a dairy in Ohio and a community of Franciscan sisters in Chicago.
In all, the group used malicious software in attempting to steal some $ 220 million, having successfully illegally transferred about $ 70 million from individual bank accounts using malware known as Zeus.
Yakubets and Turashev captured banking credentials using an online tool known as botnet, which takes over a computer’s operating system. From there, authorities say they would transfer money from a victim’s bank into a “money mule” account, or someone who receives stolen funds and then moves it into an overseas account.
The duo victimized banks, a school district, a petroleum business and other firms in the Pittsburgh area, pilfering millions of dollars, according to the charging documents.
In aseparate criminal complaint also unsealedon Thursday in Nebraska, Yakubets, who goes by the moniker “aqua,” was additionally charged with conspiracy to participate in racketeering activity and computer fraud and theft charges for stealing from banks and small businesses in Nebraska.
Two Ukrainian associates of “aqua” were extradited from the United Kingdom to the U.S. and given prison sentences after pleading guilty to being part of a hacking scheme in 2015.
Treasury officials said they have freezed the assets of 17 associates of Evil Corp. The actions were taken in conjunction with law enforcement officials in the UK
Assistant Attorney General Brian Benczkowski, who leads the Justice Department’s criminal division, said: “” It is fair to say that they are not out of business at this point, but that is our ultimate goal. “
NPR’s Ryan Lucas contributed to this report.