Russian Criminal Gang Conducted Cyberattacks on NATO Allies
A Russian criminal gang, known as Evil Corp, has been secretly conducting cyberattacks and espionage operations against NATO allies on the orders of the Kremlin’s intelligence services, according to the UK’s National Crime Agency (NCA).
Background of Evil Corp
- Evil Corp includes a leader who gained notoriety for driving a Lamborghini luxury sports car.
- The gang has been accused of using malicious software to extort millions of dollars from hundreds of banks and financial institutions in more than 40 countries.
- The US government sanctioned Evil Corp in December 2019 and accused its alleged leader, Maksim Yakubets, of providing “direct assistance” to the Russian state, including by “acquiring confidential documents.”
Alleged Ties to Russian Intelligence Agencies
- The gang cultivated close ties with officials from Russia’s main intelligence agencies, including the Federal Security Service (FSB), Foreign Intelligence Service (SVR), and a military intelligence agency of the General Staff of the Armed Forces (GRU).
- Yakubets’ father-in-law, Eduard Benderskiy, a former high-ranking official of a secretive FSB unit named Vympel, allegedly aided the gang in their activities.
- Benderskiy used his FSB connections to protect the hackers from any internal blowback from Russian authorities when the US punished them in 2019.
International Efforts to Punish Evil Corp
- The UK, US, and Australian governments announced sanctions against the group on Oct 1.
- The UK sanctioned sixteen people involved with Evil Corp, including Yakubets, Benderskiy, and another alleged leader, Aleksandr Ryzhenkov.
- The US Treasury added seven people and two entities linked to Evil Corp to its sanctions list.
- David Lammy, the UK’s Foreign Secretary, stated that the sanctions were intended to send a message to the Kremlin that Russian cyberattacks wouldn’t be tolerated.
Targets and Operations
- Evil Corp’s Ryzhenkov worked with the ransomware group LockBit, targeting as many as 60 organizations and trying to extort a total of US$100 million.
- Hackers working for LockBit, known as affiliates, claimed credit for breaching major companies, including the US arm of the Industrial and Commercial Bank of China, Boeing Co, and the UK’s national postal service, the Royal Mail.
Recent Developments and Actions Taken
- People linked to LockBit were recently arrested in the UK, France, and Spain, with nine servers seized.
- The NCA is continuing to pursue others connected to the gang.
Analysis
The actions of Evil Corp and their ties to Russian intelligence agencies highlight the growing threat of cybercrime on a global scale. The sanctions imposed by the UK, US, and Australian governments serve as a warning to those engaging in malicious activities that they will face consequences for their actions.
It is crucial for individuals and organizations to remain vigilant against cyber threats and take proactive measures to protect their data and systems from potential attacks. By staying informed and implementing robust cybersecurity measures, we can collectively work towards a safer digital environment for all.