WASHINGTON D.C. — The US Treasury Department announced new sanctions Thursday on a Russian-based cybercriminal organization called “Evil Corp” for using malware to steal more than $100 million from hundreds of banks and financial institutions.
Specifically, Evil Corp used the malware known as Dridex to “infect computers and harvest login credentials from hundreds of banks and financial institutions in over 40 countries, causing more than $100 million in theft,” according to the Treasury Department.
“Treasury is sanctioning Evil Corp as part of a sweeping action against one of the world’s most prolific cybercriminal organizations. This coordinated action is intended to disrupt the massive phishing campaigns orchestrated by this Russian-based hacker group,” Treasury Secretary Steven Mnuchin said in a statement.
“OFAC’s action is part of a multiyear effort with key NATO allies, including the United Kingdom. Our goal is to shut down Evil Corp, deter the distribution of Dridex, target the ‘money mule’ network used to transfer stolen funds, and ultimately to protect our citizens from the group’s criminal activities,” he added.
The US also unsealed an indictment on Thursday against two Russians as part of a hacking conspiracy beginning in 2011 to defraud companies and others of millions of dollars.
The indictment alleges Russian residents Igor Turashev and Maksim Yakubets installed malware as a means to illicitly gain funds though wire transfers.
Yakubets is the leader of Evil Corp, according to the Treasury Department, and Turashev worked as “an administrator for Yakubets and had control over the Dridex malware.”
“The group’s leader, Maksim Yakubets, also provides direct assistance to the Russian government’s malicious cyber efforts, highlighting the Russian government’s enlistment of cybercriminals for its own malicious purposes,” the department’s statement said.
“Maksim Yakubets is not the first cybercriminal to be tied to the Russian government. In 2017, the Department of Justice indicted two Russian Federal Security Service (FSB) officers and their criminal conspirators for compromising millions of Yahoo email accounts. The United States Government will not tolerate this type of activity by another government or its proxies and will continue to hold all responsible parties accountable,” it added.