Notorious Evil Corp Hackers: Unraveling Their Targeting of NATO Allies for Russian Intelligence

International law enforcement has been striving for years to disrupt the cybercriminal group known as Evil Corp, which has been involved in a widespread crime spree. Among the numerous Russian cybercriminals, Evil Corp stands out due to its unique ties with Russian intelligence agencies.

On Tuesday, the United Kingdom’s National Crime Agency unveiled new information regarding the real identities of suspected members of Evil Corp, detailing the group’s association with the LockBit platform and its connections to the Russian government. Analysts have increasingly established that Russian cybercriminals often maintain informal quid pro quo relationships with government officials. However, NCA officials stress that Evil Corp exemplifies a gang with direct connections to various Russian intelligence agencies, including the Federal Security Service (FSB), the Foreign Intelligence Service (SVR), and the military intelligence agency known as the GRU. Furthermore, the NCA indicates that prior to 2019, Evil Corp was specifically “tasked” by these intelligence entities to carry out espionage missions and cyberattacks against unidentified “NATO allies.”

For over ten years, Evil Corp has employed its Dridex malware along with other hacking tools to compromise countless bank accounts globally and siphon off funds. In 2017, the group diversified into ransomware activities, deploying strains such as Hades and PhoenixLocker, and subsequently began utilizing the LockBit platform as an affiliate starting in 2022. The gang has extorted a minimum of $300 million from its victims in addition to its other gains, and the United States State Department is offering a $5 million reward for information leading to the apprehension of the alleged leader of the gang, Maksim Yakubets.

“The narrative of Evil Corp serves as a prominent illustration of the increasing threat that cybercriminals and ransomware operators present,” stated the NCA in a recent report in collaboration with the FBI and the Australian Federal Police. “In their situation, the involvement of the Russian state has played an especially pivotal role, sometimes even utilizing this cybercrime group for its own malicious cyber objectives.”

According to officials from the NCA, Evil Corp stands out among Russian cybercrime syndicates due to its traditional crime organization structure, centered around Maksim Yakubets and his personal circle. His father, Viktor Yakubets, is said to have a history in money laundering, while Maksim’s brother Artem and cousins Kirill and Dmitry Slobodskoy are believed to be involved with the operation. It is also claimed that the group utilized specific physical locations for their activities, such as Chianti Café and Scenario Café in Moscow.

Authorities indicate that Maksim Yakubets has consistently been the key link between Evil Corp and Russian intelligence. Other associates, including his father-in-law, Eduard Benderskiy, are also alleged to play a role in fostering these connections. Benderskiy is reported to be a former FSB official associated with the enigmatic ‘Vympel’ unit and, according to Bellingcat, has been tied to various overseas assassinations. Following US sanctions and indictments against Evil Corp members in 2019, officials assert that Benderskiy has been working to shield senior gang members within Russia.

Despite its sustained prominence, Evil Corp has had to innovate continually to maintain its financial flow. Although the group denies any affiliation, it appears to have utilized the infamous ransomware-as-a-service platform LockBit for attacks since 2022. Additionally, the NCA identified Yakubets’ alleged second-in-command, Aleksandr Ryzhenkov, as overseeing these operations. Following a significant crackdown on LockBit in February by international law enforcement, the group has reportedly been functioning at a reduced capacity, according to the NCA.

The NCA remarked, “Evil Corp emerged from a gathering of elite cybercriminals, with a sophisticated business model that established them as one of the most widespread and enduring adversaries in cybercrime to date. After facing setbacks due to the sanctions and indictments in December 2019, the group has been compelled to broaden its strategies to continue inflicting damage while adapting to the evolving landscape of cybercrime.”
