North Korean hacking group behind bank heists of over US $100 million during past 4 years: Report
The US Department of Justice and the Treasury Department on Thursday took action against a Russian hacker group known as Evil Corp., which stole “at least” $100 million from banks using malware that harvested bank credentials.
Evil Corp., a name evocative of the key evil corporation in the hit TV drama "Mr. Robot", is "managed by a group of people from Moscow who have many years of experience and well-developed, trusting relationships with each other", the Treasury Department said in a press release.
The criminal group used malware known as "Dridex", which evaded mainstream antivirus software and spread through phishing email campaigns. Once a device was infected, the malware could steal login credentials and empty the accounts of bank employees and bank customers, redirecting the proceeds to offshore accounts owned by Evil Corp., according to the press release. The group also stole roughly $70 million using similar malware known as Zeus.
Federal authorities say Evil Corp.’s criminal proceeds are likely "much higher" than $100 million, making the organization one of the largest hacking groups in history.
The Justice Department issued indictments against the group’s key leaders, and the Treasury Department announced sanctions against Evil Corp. under the Office of Foreign Assets Control (OFAC).
"The Treasury is sanctioning Evil Corp. as part of a widespread action against one of the world’s most prolific cybercriminal organizations. This coordinated action is aimed at disrupting massive phishing campaigns organized by this Russian hacking group," said Stephen Mnuchin, US Treasury Secretary. "OFAC’s actions are part of a multi-year effort with key NATO allies, including the UK. Our goal is to shut down Evil Corp., prevent Dridex from spreading, target the 'money mule' network used to transfer stolen funds, and ultimately protect our citizens from the criminal activities of the group."
The group targets the bank accounts of large corporations. Penneco Oil lost millions of dollars to Evil Corp.'s activities; the funds were then transferred to a bank in Minsk, Belarus.
Overall, the enforcement action targets 17 people associated with the criminal organization, including the leader of Evil Corp., Maxim Yakubets. The Department of State is offering a $5 million reward for information on Yakubets.
Alongside his cybercrimes, Yakubets "also provides direct assistance to the Russian government’s malicious cyberspace efforts, proving that the Russian government is engaging cybercriminals for its malicious purposes", the Treasury Department reports.
In addition to Yakubets, Denis Gusev is named as a senior member of Evil Corp. He is the director of a number of enterprises based in Russia, including Business Capital, Optima, Trade-Invest, CAD, Vertical and Unicom, which operate in several industries, including trade, wholesale and forestry. These companies are also subject to OFAC sanctions, according to the Treasury.
Evil Corp. relies on a group of key people who perform critical logistical, technical and financial functions such as managing the Dridex malware, overseeing operators seeking to attract new victims, and laundering the proceeds from the group’s activities. According to the Treasury, some of them are referred to as "financial assistance": Dmitry Smirnov, Artem Yakubets, Ivan Tuchkov, Andrey Plotnitsky, Dmitry Slobodskoy and Kirill Slobodskoy.