The U.S. Treasury Department imposed sanctions on seven individuals and two entities associated with Evil Corp, a cybercrime group based in Russia, on Oct. 1. This action came alongside an indictment from the U.S. Justice Department against a member of Evil Corp and additional measures from the U.K. and Australia. Evil Corp is known for developing and distributing the Dridex malware, which has been used to infect computers and steal login credentials from hundreds of banks and financial institutions in over 40 countries. The group has caused more than $100 million in theft losses and damage to financial institutions globally.
Maksim Yakubets, the leader and founder of Evil Corp, was previously sanctioned by the Treasury in 2019. He and another member of the group were indicted by the Justice Department, with a $5 million reward offered for information leading to their capture and conviction. The collective efforts of the U.S., U.K., and Australia in imposing sanctions and pursuing legal actions against Evil Corp underscore the commitment to combat cybercriminals like ransomware actors who pose a threat to critical infrastructure and citizens. The Treasury noted that Yakubets and other members of Evil Corp have connections to Russian politicians and government figures, indicating possible government involvement in cybercrime activities.
One of the newly sanctioned members of Evil Corp, Eduard Benderskiy, a former member of Russia’s Federal Security Service (FSB), reportedly used his influence within the Russian state to protect the group. In the past, Russian intelligence had tasked Evil Corp with conducting cyber attacks and espionage operations against NATO allies. This highlights the potential ties between cybercriminal groups like Evil Corp and Russian intelligence agencies, raising concerns about state-sponsored cyber threats. The U.K.’s National Crime Agency and other intelligence agencies have warned about the activities of a notorious unit of Russia’s military intelligence agency (GRU) carrying out cyber attacks on critical infrastructure in NATO, EU, and Ukraine.
The actions taken by the U.S., U.K., Australia, and other Western intelligence agencies against Evil Corp and Russian military intelligence units reflect the growing threat of cybercrime and state-sponsored cyber attacks. The coordination in imposing sanctions, indictments, and reward offers demonstrates a united effort to combat malicious cyber activities that target financial institutions, critical infrastructure, and government agencies. The involvement of former FSB members and ties to Russian politicians raise concerns about the extent of state involvement in cybercriminal operations carried out by groups like Evil Corp. These developments underscore the need for increased cybersecurity measures and international cooperation to address the evolving challenges posed by cyber threats.
