US, UK and Australia target Russian cybercrime syndicate

TLDR

  • Evil Corp, a Russia-based cybercrime group, is facing sanctions from the US, UK and Australia
  • Group responsible for more than $100 million stolen from banks in more than 40 countries
  • Possible links between Evil Corp and the LockBit ransomware group discovered
  • Members of Evil Corp claim to have ties to Russian state entities, including the FSB
  • International law enforcement efforts against the group are intensifying

The United States, Britain and Australia have jointly imposed sanctions on key members of Evil Corp, a Russia-based cybercrime syndicate.

This group is believed to be responsible for widespread financial thefts and ransomware attacks that have resulted in the theft of more than $100 million from hundreds of banks and financial institutions in more than 40 countries.

Evil Corp is known for developing and distributing the Dridex malware, which infects computers and collects login credentials.

The US Department of Justice has also unsealed an indictment accusing a member of Evil Corp of deploying BitPaymer ransomware against victims in the United States.

Recent findings from blockchain analytics firm Chainalysis suggest a possible overlap between Evil Corp and another cybercriminal group, LockBit.

On-chain data indicates that ransomware variants associated with Evil Corp and cryptocurrency clusters linked to LockBit have used the same deposit addresses on centralized exchanges.

This information is consistent with previous reports that Evil Corp may have used LockBit to rebrand and distance itself from sanctioned entities.

The Chainalysis report also highlights that several members of Evil Corp are related, indicating close internal ties. Maksim Victorovich Yakubets, the leader of Evil Corp, has been cited by the US Treasury Department for his alleged work for Russia’s Federal Security Service (FSB) and his attempts to obtain a license to handle classified information.

Other designees include his father, Viktor Yakubets, and father-in-law, Eduard Benderskiy, a former FSB officer. These connections suggest possible ties between the cybercrime group and Russian government agencies.

Corey Petty, a cybersecurity professional, explained that using cryptocurrency for ransom payments is “the backbone of ransomware’s effectiveness.”

He noted that while blockchains offer transparency and immutability, which can be seen as beneficial to criminals, they also allow anyone to track the flow of money.

Law enforcement agencies in multiple countries have taken coordinated actions to disrupt Evil Corp’s operations.

Arrests and seizures have taken place in several countries, including the arrest of a suspected LockBit developer by French authorities and the seizure of servers related to LockBit’s ransomware infrastructure by Spanish agents.

The sanctions against Evil Corp come amid growing concerns over the use of cryptocurrency for illegal activities. A recent report from the UK’s National Crime Agency found that as much as $5.1 billion in illegal crypto transactions are linked to the country every year, with both digital and crypto-related crime on the rise.

In a separate but related development, the US Department of Justice announced the seizure of domains linked to three crypto exchanges accused of facilitating more than $800 million in illegal transactions.

This seizure was part of a coordinated action against Russian money laundering operations.

Chainalysis executives recently stated that Russia has become a major force in using cryptocurrency for various illegal purposes, including sanctions evasion, ransomware attacks and US election interference.

Valerie Kennedy, Chainalysis director of Intelligence Solutions, described Russia as “the loudest and possibly most pervasive in this room.”

The international community’s focus on Evil Corp and related cybercrime groups highlights the ongoing challenges in combating digital financial crimes and the importance of coordinated efforts by law enforcement agencies around the world.

Source: https://blockonomi.com/us-uk-and-australia-target-russian-cybercrime-syndicate/