The first individual, Maksim V. Yakubets, goes by the name “aqua” online and is wanted in relation to “two separate international computer hacking and bank fraud schemes spanning from May 2009 to the present,” according to the Department of Justice. Yakubets is allegedly tied to both the Zeus and Bugat malware campaigns. The second individual, Igor Turashev, faces charges related to his alleged involvement in Bugat.
The State Department, FBI, and Transnational Organized Crime Rewards Program are offering a reward of up to $5 million for information that leads to the arrest and conviction of Yakubets, the DOJ added.
The Treasury Department separately announced sanctions against 17 individuals and seven entities including Evil Corp, “its core cyber operators,” and other businesses and financial facilitators involved in the group’s doings. Authorities claimed that Evil Corp and its associates netted more than $100 million from victims using the Bugat malware, which was spread via phishing attacks and used multiple methods such as keyloggers and fake banking pages to steal banking credentials and initiate transfers. The NCA says that Bugat (also known as Dridex) was used to target almost 300 organizations in 40+ nations.
“Each and every one of these intrusions was effectively a cyber-enabled bank robbery,” assistant US attorney general Brian Benczkowski said at a press conference announcing the unsealing, according to Wired.
As Wired noted, the Bugat campaign persisted for years despite efforts by authorities including the successful prosecution of a system admin, Andrey Ghinkul and manipulating its botnets through a technique called “sinkholing” in 2016. The FBI also indicted a network of “money mules,” who are used to launder proceeds from the bank transfers, in 2016.
Additionally, the FBI alleges that Yakubets was a core member of the Zeus campaign, which used similar methods to steal $70 million from a variety of U.S.-based institutions. Court documents show that investigators have evidence that Yakubets was also in the franchising business, Wired wrote, offering a person living in the UK “access to Bugat in exchange for $100,000 up front, plus 50 percent of all revenues, with a minimum take of $50,000 a week.”
That is to say, crime does pay, at least judging from tweets from the UK’s National Crime Agency showing Yakubets and Evil Corp members engaged in such commonplace activities as holding stacks of cash, having lavish weddings, and hanging out with what appears to be either a lion or tiger cub. According to Motherboard, the NCA’s photos appear to show that Evil Corp members owned a custom-painted Audi R8, a camouflage Lamborghini Huracan, and a painted Nissan GTR, all vehicles in the six-figure range.
“We’ve been able to identify an online presence for associates of these individuals which gives you a very good pen portrait of their behavior and the type of lifestyle they lead,” NCA Cyber Crime Unit director Rob Jones told reporters, according to CNN. “Which is cash rich, fast cars, behaving and acting like very flamboyant and extravagant millionaires.”
Authorities admitted that because Evil Corp members are based in Russia, which is reluctant to extradite hackers to Western authorities. Additionally, the Treasury Department alleged that Yakubets has been working with the FSB since 2017 and was “in the process of obtaining a license to work with Russian classified information” in early 2018.
“Because these criminals are in Russia, some may ask why pursue them, you may never get your hands on them,” FBI Deputy Director David Bowdich said at the press conference, CNN reported. “It’s difficult, no doubt, but it’s not impossible, as we have shown time and time again over the past number of years... The Russian government did provide a response to a mutual legal assistance treaty request. It was a response that was helpful in the investigation to a point. To a point.”