The United States Department of Justice today disclosed the identities of two Russian hackers and charged them for developing and distributing the Dridex banking Trojan using which the duo stole more than $100 million over a period of 10 years.
Maksim Yakubets, the leader of ‘Evil Corp’ hacking group, and his co-conspirator Igor Turashev primarily distributed Dridex — also known as ‘Bugat‘ and ‘Cridex‘ — through multi-million email campaigns and targeted numerous organizations around the world.
The State Department has also announced a reward of up to $5 million—the largest offered bounty to date for a cybercrime suspect—for providing information that could lead to the arrest of Yakubets, who remains at large.
“Bugat is a multifunction malware package designed to automate the theft of confidential personal and financial information, such as online banking credentials, from infected computers,” the DoJ said in its press release.
“Bugat malware was specifically crafted to defeat antivirus and other protective measures employed by victims. Later versions of the malware were designed with the added function of assisting in the installation of ransomware.”
Besides developing and distributing Dridex, Yakubets has also been charged with conspiracy to commit bank fraud in connection with the infamous “Zeus” banking malware that stole $70 million from victims’ bank accounts.
Starting May 2009, Yakubets and his co-conspirators allegedly employed widespread computer intrusions, malicious software, and fraud in an effort to steal millions of dollars from numerous bank accounts in the United States and elsewhere.
The hackers infected thousands of business computers with malware that captured passwords, account numbers, and other information necessary to log into online banking accounts, and then used the stolen data to steal money from victims’ bank accounts.
“Yakubets allegedly has engaged in a decade-long cyber crime spree that deployed two of the most damaging pieces of financial malware ever used and resulted in tens of millions of dollars of losses to victims worldwide,” said Brian A. Benczkowski, Assistant Attorney General of DoJ’s Criminal Division.
According to the Justice Department, the FBI discovered the identities of both Russian cybercriminals with the help of its foreign counterpart National Crime Agency (NCA) in the United Kingdom.
The NCA started its investigation into the Dridex group back in 2014 and collected evidential material over several years that support the charges brought by the FBI.
While taking down the infrastructure supporting Dridex in 2015, NCA also helped the FBI arrest Andrey Ghinkul, one of the distributors of Dridex malware.
“Investigations in the UK by the NCA and the Metropolitan Police have also targeted Yakubets’ network of money launderers who have funnelled profits back to Evil Corp. Eight people have been sentenced to a total of over 40 years in prison,” the NCA said.
The joint investigation revealed that Yakubets “also provides direct assistance to the Russian government” by stealing confidential documents through state-sponsored cyberattacks.
The duo has been alleged to have victimized 21 specific municipalities, private companies, banks, and non-profit organizations in California, Illinois, Massachusetts, Ohio, Texas, Washington, Iowa, Kentucky, Maine, New Mexico, and North Carolina, including multiple entities in Nebraska and a religious congregation.
The United States has also rolled out sanctions against 17 other individuals and 7 Russian companies for their connection with the Evil Corp hacking group.
For now, it’s clear that if Yakubets stepped out of Russia, he would be arrested and extradited to the US.