Play Live Radio
Next Up:
0:00 0:00
Available On Air Stations

Russian Hacking Group Evil Corp. Charged By Federal Prosecutors In Alleged Bank Fraud

U.S. and British authorities are seeking the arrest of Russian national Maksim Yakubets. Authorities say Yakubets ran Evil Corp., a group of alleged cyber hackers who stole tens of millions of dollars from victims worldwide through phishing schemes.
U.S. and British authorities are seeking the arrest of Russian national Maksim Yakubets. Authorities say Yakubets ran Evil Corp., a group of alleged cyber hackers who stole tens of millions of dollars from victims worldwide through phishing schemes.

Updated at 1:43 p.m. ET

Federal law enforcement officials have announced criminal charges against two Russian nationals who operate a hacking organization known as Evil Corp., a group officials say is responsible for one of the most sweeping banking fraud schemes in the past decade.

The criminal indictments were unsealed in Pittsburgh, Pa., and Lincoln, Nebraska, against Maksim Yakubets, 32, and Igor Turashev, 38, both of whom live in Russia. The duo are accused of bank and wire fraud and computer hacking, among other counts.

Trump officials are offering $5 million for information that leads to the arrest of Yakubets, the leader of Evil Corp. Authorities say he lived a extravagant and flamboyant life with his ill-gotten gains, driving a Lamborghini with a license plate that reads "Thief" in Russian.

Russia typically does not extradite its citizens to the U.S. for prosecution, but authorities said that would not discourage their efforts.

Operating from the basements of Moscow cafes, investigators say Yakubets' group targeted victims in some 21 municipalities in one of the most widespread malware campaigns U.S. authorities have ever encountered.

The group infiltrated banks and non-profits from California to Maine. Among the victims, authorities say, were a luggage business in New Mexico, a dairy in Ohio and a community of Franciscan sisters in Chicago.

"These two cases demonstrate our commitment to unmasking the perpetrators behind the world's most egregious cyberattacks," said Assistant Attorney General Brian Benczkowski, who leads the Justice Department's criminal division. "It is fair to say that they are not out of business at this point, but that is our ultimate goal."

Officials say Evil Corp. developed and distributed a type of malware that infected computers around the world and harvested banking credentials in order to steal some $100 million.

The malware software was known as Dridex, which automated the theft of confidential information from banking customers after someone clicks on a phishing emails, according to officials with the Justice and Treasury departments.

Investigators believe that the Russian government may have been complicit in the criminal enterprise.

"It's simply inconceivable that an organization like this can steal that amount of money from that money places using a distributive malware like Dridex without the Russian government being well-aware of those activities," a senior Treasury officials said.

Treasury Secretary Steven Mnuchin described the group as "one of the world's most prolific cybercriminal organizations.

He continued: "Our goal is to shut down Evil Corp, deter the distribution of Dridex, target the 'money mule 'network used to transfer stolen funds, and ultimately to protect our citizens from the group's criminal activities."

Yakubets is alleged to have committed separate cyber crimes on behalf of the Russian government, working for Russia's Federal Security Service (FSB), the country's domestic intelligence agency. Last April, he was in the process of getting a license to work with classified information on behalf of the Russian government, according to authorities.

"Evil Corp and their Dridex software serves as yet another example of the Russian government enlisting the assistance of cyber criminals to carry out malign activities," a senior Treasury official said.

In all, the group used malicious software in attempting to steal some $220 million, having successfully illegally transferred about $70 million from individual bank accounts using malware known as "Zeus" and "Bugat."

Yakubets and Turashev captured banking credentials using an online tool known as botnet, which takes over a computer's operating system. From there, authorities say they would transfer money from a victim's bank into a "money mule" account, or someone who receives stolen funds and then moves them into an overseas account.

The duo victimized banks, a school district, a petroleum business and other firms in the Pittsburgh area, pilfering millions of dollars, according to the charging documents.

In a separate criminal complaint also unsealed on Thursday in Nebraska, Yakubets, who goes by the moniker "aqua," was additionally charged with conspiracy to participate in racketeering activity and computer fraud and theft charges for stealing from banks and small businesses in Nebraska.

Two Ukrainian associates of "aqua" were extradited from the United Kingdom to the U.S. and given prison sentences after pleading guilty to being part of a hacking scheme in 2015.

Treasury officials also froze the assets of 17 associates of Evil Corp. The actions were taken in conjunction with Britain's National Crime Agency.

Copyright 2020 NPR. To see more, visit

Bobby Allyn is a business reporter at NPR based in San Francisco. He covers technology and how Silicon Valley's largest companies are transforming how we live and reshaping society.