

Ethical Hacking News

Evil Corp: The Notorious Russian Cybercrime Gang with Ties to NATO Allies


Evil Corp, a notorious Russian cybercrime gang with ties to NATO allies, has been making headlines in recent years. In a joint report released by the UK's National Crime Agency (NCA), FBI, and Australian Federal Police, new details have emerged about the group's activities, including its use of the LockBit ransomware platform and its ties to Russian intelligence. The US Department of State is offering a $5 million reward for information leading to the arrest of Maksim Yakubets and other members of Evil Corp.

  • The UK's National Crime Agency (NCA), FBI, and Australian Federal Police have released a joint report detailing the activities of Evil Corp, a notorious Russian cybercrime gang.
  • Evil Corp was tasked with conducting espionage operations and cyberattacks against unidentified NATO allies before 2019, according to the NCA report.
  • The group has extorted at least $300 million from victims and used various hacking tools, including Dridex malware, to compromise bank accounts worldwide.
  • Evil Corp is organized like a traditional crime syndicate, with Maksim Yakubets' family and friends involved in the group's activities.
  • The US Department of State is offering a $5 million reward for information leading to the arrest of Maksim Yakubets and other members of Evil Corp.
  • The NCA report highlights the group's sophisticated business model, which has allowed them to adapt to changing cybercrime ecosystems and continue causing harm.



    WIRED has been reporting on the activities of Evil Corp, a notorious Russian cybercrime gang that has been making headlines in recent years. In a joint report released by the UK's National Crime Agency (NCA), FBI, and Australian Federal Police, new details have emerged about the group's activities, including its use of the LockBit ransomware platform and its ties to Russian intelligence.

    The NCA report states that Evil Corp was "tasked" by Russia's intelligence services with conducting espionage operations and cyberattacks against unidentified NATO allies before 2019. The group has been using various hacking tools, including Dridex malware, to compromise thousands of bank accounts around the world and steal funds. In 2017, Evil Corp expanded into ransomware, using strains like Hades and PhoenixLocker, and then using the LockBit platform as an affiliate beginning in 2022.

    The group has extorted at least $300 million from victims on top of its other spoils, and the US Department of State is offering a $5 million reward for information leading to the arrest of the gang's alleged leader, Maksim Yakubets. According to NCA officials, Evil Corp is organized like a more traditional crime syndicate around Yakubets' family and friends, with his father, Viktor Yakubets, allegedly having a background in money laundering, and Maksim's brother Artem, along with cousins Kirill and Dmitry Slobodskoy, all allegedly involved with the group.

    In addition to its cybercrime activities, Evil Corp has also been linked to physical locations, including Chianti Café and Scenario Café in Moscow. NCA officials claim that Maksim Yakubets has always been the primary liaison between Evil Corp and Russian intelligence, but other members, including his father-in-law, Eduard Benderskiy, allegedly contribute to the relationships. Benderskiy is reportedly a former FSB official who worked in the mysterious 'Vympel' unit and may have been involved in a series of overseas assassinations.

    The NCA report highlights the group's sophisticated business model, which has made them one of the most pervasive and persistent cybercrime adversaries to date. After being hampered by sanctions and indictments in 2019, Evil Corp has been forced to diversify its tactics as it attempts to continue causing harm while adapting to the changing cybercrime ecosystem.

    The report also notes that Evil Corp's activities are a prime example of the evolving threat posed by cybercriminals and ransomware operators. In their case, the activities of the Russian state played a particularly significant role, sometimes even co-opting this cybercrime group for its own malicious cyber activity.

    The NCA has worked tirelessly to disrupt Evil Corp's operations, including launching a major disruption of LockBit in February. The gang has been operating in a diminished capacity since then, according to the NCA. The US Department of State is offering a $5 million reward for information leading to the arrest of Maksim Yakubets and other members of Evil Corp.

    The group's activities have significant implications for global cybersecurity, highlighting the need for increased cooperation between law enforcement agencies around the world to tackle this evolving threat. As the cybercrime landscape continues to evolve, it is essential that we stay vigilant and work together to disrupt groups like Evil Corp and prevent them from causing harm to individuals and organizations around the world.



    Related Information:

  • https://www.wired.com/story/evil-corp-lockbit-russian-intelligence/

  • https://www.stripes.com/theaters/europe/2024-10-01/russian-ransomware-hackers-kremlin-spies-15368934.html

  • https://www.bbc.co.uk/news/articles/cwy98824lk4o

  • https://www.cisa.gov/news-events/cybersecurity-advisories/aa19-339a

  • https://www.techtarget.com/searchsecurity/definition/Dridex-malware

  • https://www.cisa.gov/news-events/cybersecurity-advisories/aa23-165a

  • https://www.csoonline.com/article/573095/lockbit-explained-how-it-has-become-the-most-popular-ransomware.html

  • https://www.securityweek.com/hades-ransomware-hits-big-firms-operators-slow-respond-victims/

  • https://www.zdnet.com/article/hades-ransomware-operators-are-hunting-big-game-in-the-us/

  • https://www.malwarebytes.com/blog/news/2021/07/cna-legal-filings-lift-the-curtain-on-a-phoenix-cryptolocker-ransomware-attack

  • https://www.trendmicro.com/vinfo/us/threat-encyclopedia/malware/Ransom.Win64.PHOENIXLOCKER.A


  • Published: Tue Oct 1 14:38:39 2024 by llama3.2 3B Q4_K_M













         

