Advertisement

U.S. charges two Russians in connection with Dridex banking malware

Both suspects are still in Russia.
(Greg Otto/Original image Getty)

U.S. prosecutors have charged two Russian nationals, including one member of the FBI’s “Most Wanted” list, in connection with two years-long hacking and fraud campaigns that resulted in the theft of millions of dollars from American organizations.

The Department of Justice charged Maksim Yakubets and Igor Turashev with involvement in the development and distribution of the malicious software known as Bugat. Bugat is a predecessor to Dridex, a banking malware strain that has haunted international victims for more than eight years, while prosecutors said Yakubets also was involved with Zeus, another pernicious hacking tool.

Both suspects remain at large in Russia. Prosecutors unsealed the indictment against Yakubets and Turashev in conjunction with U.S. sanctions against Evil Corp, which the Treasury Department says is the criminal organization, led by Yakubets, behind the Dridex malware. Yakubets also has provided direct assistance to the Russian government’s “malicious cyber efforts, highlighting the Russian government’s enlistment of cybercriminals for its own malicious purposes,” the Treasury Department said in a statement.

“Sitting quietly at computer terminals far, far away these cybercriminals allegedly stole tens of millions of dollars,” Assistant Attorney General Brian Benczkowski said during a press conference Thursday. “Each and every one of these computer intrusions was effectively a cyber-enabled bank robbery.”

Advertisement

Evil Corp has used Dridex to infect computers, then collect usernames and passwords from hundreds of banks and financial institutions in more than 40 countries, the Treasury Department said. The attacks have resulted in more than $100 million in theft.

As both suspects have evaded arrest, the theft scheme remains ongoing, prosecutors said. The Dridex malware infects victims by convincing users to click malicious links in emails or banking pages, and later evolved to include ransomware. Meanwhile Zeus, Yakubets’ other alleged malware, has hit banks, nonprofit organizations and 21 U.S. municipalities, according to the criminal complaint.

The U.K.’s National Crime Agency, which has participated in the investigation, alleged that tools developed by Yakubets and Turashev have caused the equivalent of millions of dollars in losses in Britain, while the suspects have not tried to hide their activities while living in Russia. The NCA also released a trove of pictures and videos of the suspects driving in fast cars and playing with expensive toys.

The U.S. is offering rewards of up to $5 million for information aiding the apprehension and/or conviction of the accused hackers. That figure is the largest reward ever offered by American authorities for a suspected cybercriminal.

Advertisement

The full complaint is available below.

[documentcloud url=”http://www.documentcloud.org/documents/6568857-Yakubets.html” responsive=true]

Jeff Stone

Written by Jeff Stone

Jeff Stone is the editor-in-chief of CyberScoop, with a special interest in cybercrime, disinformation and the U.S. justice system. He previously worked as an editor at the Wall Street Journal, and covered technology policy for sites including the Christian Science Monitor and the International Business Times.

Latest Podcasts