Skip to main content
The Globe and Mail
Support Quality Journalism
The Globe and Mail
First Access to Latest
Investment News
Collection of curated
e-books and guides
Inform your decisions via
Globe Investor Tools
Just$1.99
per week
for first 24 weeks

Enjoy unlimited digital access
Enjoy Unlimited Digital Access
Get full access to globeandmail.com
Just $1.99 per week for the first 24 weeks
Just $1.99 per week for the first 24 weeks
var select={root:".js-sub-pencil",control:".js-sub-pencil-control",open:"o-sub-pencil--open",closed:"o-sub-pencil--closed"},dom={},allowExpand=!0;function pencilInit(o){var e=arguments.length>1&&void 0!==arguments[1]&&arguments[1];select.root=o,dom.root=document.querySelector(select.root),dom.root&&(dom.control=document.querySelector(select.control),dom.control.addEventListener("click",onToggleClicked),setPanelState(e),window.addEventListener("scroll",onWindowScroll),dom.root.removeAttribute("hidden"))}function isPanelOpen(){return dom.root.classList.contains(select.open)}function setPanelState(o){dom.root.classList[o?"add":"remove"](select.open),dom.root.classList[o?"remove":"add"](select.closed),dom.control.setAttribute("aria-expanded",o)}function onToggleClicked(){var l=!isPanelOpen();setPanelState(l)}function onWindowScroll(){window.requestAnimationFrame(function() {var l=isPanelOpen(),n=0===(document.body.scrollTop||document.documentElement.scrollTop);n||l||!allowExpand?n&&l&&(allowExpand=!0,setPanelState(!1)):(allowExpand=!1,setPanelState(!0))});}pencilInit(".js-sub-pencil",!1); // via darwin-bg var slideIndex = 0; carousel(); function carousel() { var i; var x = document.getElementsByClassName("subs_valueprop"); for (i = 0; i < x.length; i++) { x[i].style.display = "none"; } slideIndex++; if (slideIndex> x.length) { slideIndex = 1; } x[slideIndex - 1].style.display = "block"; setTimeout(carousel, 2500); }

The wanted poster of Maksim Yakubets, at the U.S. Department of Justice, in Washington, D.C., on Dec. 5, 2019.

Samuel Corum/Getty Images

U.S. authorities on Thursday took aim at a Russian cybercriminal group known as Evil Corp, indicting its Lamborghini-driving alleged leader and ordering asset freezes against 17 of his associates over a digital crime spree that has netted more than $100-million from companies across the world.

The action against Evil Corp., described by officials as one of the most damaging criminal organizations on the internet, comes with a $5-million bounty issued for information leading to the arrest of its alleged leader, Maksim Yakubets.

British authorities described the 32-year-old Yakubets as a supercar-lover who customized his Lamborghini license plate to read “Thief” in Russian and ran his operation from the basements of Moscow cafes.

Story continues below advertisement

“Yakubets is a true 21st century criminal,” U.S. Assistant Attorney General Brian Benczkowski said. “He’s earned his place on the FBI’s list of the world’s most wanted cyber criminals.”

Evil Corp is alleged to be behind an ever-evolving family of malicious software known Dridex, which has bedevilled banks and businesses since it first appeared in 2011. The malware works by hacking into banks and businesses and making rogue financial transfers that are eventually funnelled back to the hackers. It has since also branched out into ransomware.

Underlining alleged links between cybercriminals and the Russian state, U.S. Treasury officials said Yakubets worked on the side for Russia’s Federal Security Service (FSB), its domestic intelligence agency, and stole classified material on Moscow’s behalf. One senior U.S. Treasury official said he had even applied to the FSB for a license last year to handle secret documents.

Even so, the FBI’s Bowdich said the Russian government had been “helpful to a point” in their request to track the hackers down. Bowdich and other U.S. officials declined to comment on whether either of the two men had links to the Russian government. The FSB did not immediately reply to a Reuters request for comment sent after hours in Russia on Thursday.

Dridex targeted smaller businesses and organizations that lacked the sophisticated cyberdefenses of larger organizations, U.S. officials said.

Though the indictments only mentioned incidents in Nebraska and Pennsylvania, victims spanned the United States – including a dairy company in Ohio, a luggage company in New Mexico and a religious order in Nebraska, FBI Deputy Director David Bowdich told a news conference.

Losses totalled $70-million in the United States alone, officials said.

Story continues below advertisement

The crackdown straddled the world of cybercrime and intelligence. The U.S. Treasury and Justice Departments worked in co-ordination with Britain’s National Crime Agency, which published a series of photographs and video of the hacker’s lavish, devil-may-care lifestyle that featured pictures of his camouflaged car streaked with florescent yellow.

The director general of the British agency, Lynne Owens, said that Yakubets and Evil Corp “represent the most significant cyber crime threat to the U.K.,” a sentiment endorsed by John Shier, an expert at U.K.-based cybersecurity company Sophos.

“I’d put them in the top tier,” he said of the group’s operators.

American and British companies were targets of choice, according to U.S. Treasury officials, but they said France, Italy, the United Arab Emirates, India and Malaysia were also badly affected.

In addition to Yakubets, his close associate Igor Turashev, 38, was also indicted in the United States on Thursday for allegedly serving as the group’s technical administrator. U.K. authorities say they have already arrested and convicted eight other members of the network.

Reuters could not immediately locate contact details for Yakubets and Turashev, who have not been arrested and are believed to be still at large.

Story continues below advertisement

This is at least the second major effort by American authorities and their allies to bring down Evil Corp – whose eye-catching name appears to be more of nickname than a formal company. A 2015 indictment also charged Yakubets and Turashev with a series of fraud and hacking crimes, but they were never arrested and – following a brief disruption – Dridex went right back to stealing money.

Shier, of Sophos, said that Thursday’s attempt appeared to be more robust – but he doubted that Yakubets would ever see justice.

“What are the chances this guy is going to face trial in the United States?” he said. “Probably next to zero.”

Even so, officials described the charges as an important step that strips the hackers of their anonymity and makes it more difficult for them to travel internationally.

Benczkowski, head of the U.S. Justice Department’s Criminal Division, said the group was carrying out crimes as recently as May. “It is fair to say they are not out of business at this point,” he said. “But that is our ultimate goal.”

Our Morning Update and Evening Update newsletters are written by Globe editors, giving you a concise summary of the day’s most important headlines. Sign up today.

Report an error
Due to technical reasons, we have temporarily removed commenting from our articles. We hope to have this fixed soon. Thank you for your patience. If you are looking to give feedback on our new site, please send it along to feedback@globeandmail.com. If you want to write a letter to the editor, please forward to letters@globeandmail.com.

Welcome to The Globe and Mail’s comment community. This is a space where subscribers can engage with each other and Globe staff. Non-subscribers can read and sort comments but will not be able to engage with them in any way. Click here to subscribe.

If you would like to write a letter to the editor, please forward it to letters@globeandmail.com. Readers can also interact with The Globe on Facebook and Twitter .

Welcome to The Globe and Mail’s comment community. This is a space where subscribers can engage with each other and Globe staff. Non-subscribers can read and sort comments but will not be able to engage with them in any way. Click here to subscribe.

If you would like to write a letter to the editor, please forward it to letters@globeandmail.com. Readers can also interact with The Globe on Facebook and Twitter .

Welcome to The Globe and Mail’s comment community. This is a space where subscribers can engage with each other and Globe staff.

We aim to create a safe and valuable space for discussion and debate. That means:

  • Treat others as you wish to be treated
  • Criticize ideas, not people
  • Stay on topic
  • Avoid the use of toxic and offensive language
  • Flag bad behaviour

Comments that violate our community guidelines will be removed.

Read our community guidelines here

Discussion loading ...

To view this site properly, enable cookies in your browser. Read our privacy policy to learn more.
How to enable cookies