Russian hacker group Evil Corp was hit with sanctions by United States, United Kingdom and Australian authorities.
Last week, the U.S. Department of the Treasury’s Office of Foreign Assets Control (OFAC), the UK’s Foreign, Commonwealth & Development Office (FCDO), and Australia’s Department of Foreign Affairs and Trade (DFAT) all imposed sanctions on Evil Corp. At the same time, the United States Department of Justice also unsealed an indictment that charges an organization member with using BitPaymer ransomware against U.S. citizens.
A tight-knit group
Evil Corp is the organization behind the Dridex malware, which harvested login credentials and led to the theft of over $100 million from hundreds of banks in more than 40 countries. The cybercrime cabal is well connected to the Russian hacking underworld and local state entities.
An October 3 Chainalysis report highlighted the connections between Evil Corp and the operators of the LockBit ransomware. On-chain data shows that the LockBit ransomware family has close associations with Evil Corp wallet addresses — with both having used the same centralized exchange deposit addresses.
This can signify that the two are either the same group or closely collaborating organizations sharing a money-laundering infrastructure. Some reports suggest that Evil Corp has used LockBit to rebrand away from the sanctions imposed on it.
Chainalysis further reports that several Evil Corp members are related. The group’s leader Maksim Victorovich Yakubets also reportedly worked with Russia’s Federal Security Service (FSB) and is working to obtain clearance to handle classified information. The leader’s father Viktor Yakubets also participates in the operation, as does his father-in-law, Eduard Benderskiy, who is also a former FSB officer.
The report follows the UK’s National Cyber Security Centre (NCSC) warning in late January that artificial intelligence (AI) will increase the threat of ransomware globally over the next two years.