Oct 02, 2024 23:00:00

British authorities announce that Russian government-backed ransomware gang 'Evil Corp' conducted cyber attacks and espionage against NATO allies, UK, US and Australia impose sanctions

On October 1, 2024, the UK National Crime Agency (NCA) announced that the Russian ransomware gang 'Evil Corp' had been conducting cyber attacks and espionage activities against NATO allies under orders from the Russian government. As a result, the governments of the UK, the US and Australia have announced that they will impose sanctions on individuals and organizations associated with Evil Corp.

Further Evil Corp criminal cybers exposed, one unmasked as LockBit affiliate - National Crime Agency

https://www.nationalcrimeagency.gov.uk/news/further-evil-corp-cyber-criminals-exposed-one-unmasked-as-lockbit-affiliate

UK sanctions members of notorious 'Evil Corp' cyber-crime gang, after Lammy calls out Putin's mafia state - GOV.UK

https://www.gov.uk/government/news/uk-sanctions-members-of-notorious-evil-corp-cyber-crime-gang-after-lammy-calls-out-putins-mafia-state

Office of Public Affairs | Russian National Indicted for Series of Ransomware Attacks | United States Department of Justice
https://www.justice.gov/opa/pr/russian-national-indicted-series-ransomware-attacks

Treasury Sanctions Members of the Russia-Based Cybercriminal Group Evil Corp in Tri-Lateral Action with the United Kingdom and Australia | US Department of the Treasury
https://home.treasury.gov/news/press-releases/jy2623

Russian Evil Corp Hackers Worked with Kremlin in NATO Cyberattacks - Bloomberg
https://www.bloomberg.com/news/articles/2024-10-01/russian-ransomware-hackers-worked-with-kremlin-spies-uk-says

Russia's FSB protected Evil Corp gang that carried out Nato cyber-attacks | Hacking | The Guardian
https://www.theguardian.com/technology/2024/oct/01/russian-gang-evil-corp-nato-cyber-attacks-protection-fsb-sanctions

According to the NCA, Evil Corp, which began its activities around 2019, has used ransomware to steal millions of dollars (hundreds of millions of yen) from hundreds of banks and financial institutions in more than 40 countries.

In December 2019, the FBI imposed sanctions on Evil Corp, accusing its alleged leader, Maxim Yakubets, of providing direct support to the Russian government, including 'illegally obtaining classified documents.'

FBI puts over 500 million yen bounty on international wanted list, reveals how cybercrime money is bragging and spending lavishly - GIGAZINE

The NCA conducted an investigation into the activities of Evil Corp members, including Yakubets, in support of the Russian government. As a result, it was revealed that Evil Corp had close ties to Russia's main intelligence agencies, the Federal Security Service (FSB), the Foreign Intelligence Service (SVR), and the Military Intelligence Service of the General Staff (GRU), and was supported by Yakubets' father-in-law, Eduard Bendersky, a former senior FSB official.

Additionally, during the 2019 FBI sanctions, it was noted that Bendersky used his connections to protect members of Evil Corp.

Then, on October 1, 2024, the governments of the UK, the US and Australia announced that they would impose sanctions on Evil Corp. The UK government added 16 people, including Yakubets, Bendersky, and Alexander Ryzhenkov, who is said to be the leader of Evil Corp, to its own sanctions list .

The US Treasury Department has added seven individuals and two entities, including Yakubets, to its own sanctions list for alleged ties to Evil Corp. The US Department of Justice has also issued an indictment alleging that Ryzhenkov used ransomware called BitPaymer to attack victims in Texas and elsewhere, and hold sensitive data for ransom.

British Foreign Secretary David Lammy said: 'Russian President Vladimir Putin has built a corrupt mafia state with himself at its core and we must fight him at every turn. These sanctions send a clear message to the Russian government that cyber attacks originating from within Russia will not be tolerated.'

Additionally, U.S. Deputy Attorney General Lisa Monaco said, 'The Department of Justice is using every tool at our disposal to protect the American people from all angles of the ransomware threat. Together with our law enforcement partners both domestic and international, we will continue to show these criminals that they will pay the price for their crimes.'