Treasury sanctions Evil Corp, cyber criminal group behind Dridex malwareChristian Fernsby ▼ | December 6, 2019
The U.S. Treasury Department’s Office of Foreign Assets Control (OFAC) took action against Evil Corp, the Russia-based cybercriminal organization responsible for the development and distribution of the Dridex malware.
Data security Treasury Department
Topics: Evil cyber criminal Dridex
This malicious software has caused millions of dollars of damage to U.S. and international financial institutions and their customers.
Concurrent with OFAC’s action, the Department of Justice charged two of Evil Corp’s members with criminal violations, and the Department of State announced a reward for information up to $5 million leading to the capture or conviction of Evil Corp’s leader.
“Treasury is sanctioning Evil Corp as part of a sweeping action against one of the world’s most prolific cybercriminal organizations. This coordinated action is intended to disrupt the massive phishing campaigns orchestrated by this Russian-based hacker group,” said Steven T. Mnuchin, Secretary of the Treasury.
“OFAC’s action is part of a multiyear effort with key NATO allies, including the United Kingdom. Our goal is to shut down Evil Corp, deter the distribution of Dridex, target the “money mule” network used to transfer stolen funds, and ultimately to protect our citizens from the group’s criminal activities.”
This action clarifies that, in addition to his involvement in financially motivated cybercrime, the group’s leader, Maksim Yakubets, also provides direct assistance to the Russian government’s malicious cyber efforts, highlighting the Russian government’s enlistment of cybercriminals for its own malicious purposes. Maksim Yakubets is not the first cybercriminal to be tied to the Russian government.
In 2017, the Department of Justice indicted two Russian Federal Security Service (FSB) officers and their criminal conspirators for compromising millions of Yahoo email accounts.
In October 2015, the Department of Justice indicted Andrey Ghinkul for spreading the Dridex malware. At that same time, the Federal Bureau of Investigation and the NCA disrupted the global infrastructure utilized at the time by Evil Corp.
Over the past several years, the NCA and the United Kingdom’s Metropolitan Police Service have arrested multiple individuals who enabled the activities of Evil Corp, including laundering stolen proceeds acquired through the Dridex malware.
As a result of this designations, all property and interests in property of these persons subject to U.S. jurisdiction are blocked, and U.S. persons are generally prohibited from engaging in transactions with them.
Additionally, any entities 50 percent or more owned by one or more designated persons are also blocked. Foreign persons may be subject to secondary sanctions for knowingly facilitating a significant transaction or transactions with these designated persons.
This action targets 17 individuals and seven entities to include Evil Corp, its core cyber operators, multiple businesses associated with a group member, and financial facilitators utilized by the group. ■