UK reveals father and son at heart of Evil Corp hackers
The UK, US and Australia have announced sanctions against 16 people authorities accuse of being part of the most wanted cyber crime gang in the world.
Russia-based Evil Corp is accused of stealing around $300m in nearly ten years of hacking.
The UK’s National Crime Agency (NCA) says it can now reveal the gang’s notorious leader, Maksim Yakubets, has been supported by his father Viktor Yakubets – something he had denied when interviewed by the BBC in 2021.
The information has been released as part of a large, multinational operation to disrupt Evil Corp and another notorious hacking group called LockBit.
Known for their mafia-style of operation, Evil Corp has waged a campaign of destructive cyber-attacks worldwide for over a decade.
In 2019, Maksim Yakubets was sanctioned and a $5m bounty was put up for his arrest, along with another man called Igor Turashev.
Other Russian individuals, including Yakubets’ brother Artem, were also named as part of the US sanctions and designations.
In 2021 the BBC travelled to Russia to search for and interview members of the gang to get their side of the story.
At a former home of Maksim Yakubets we found his father, who gave an impassioned defence of his son while claiming he was personally innocent.
But now the NCA says that Yakubets senior was a major part of the cyber-crime group, accusing him of aiding the gang in laundering some of its stolen funds.
As well as the Yakubets family members, Maksim’s father-in-law was also sanctioned for helping to protect and coordinate the group with his connections to the Russian security services.
Western authorities have now officially linked Eduard Benderskiy, a former high-ranking FSB official, to Evil Corp.
“Maksim Yakubets and his Evil Corp gang has for years lived the archetypal Russian hacker playboy lifestyle seemingly untouchable to law enforcement but today’s announcement shows that we are still watching, digging and determined to disrupt them and bring them to justice,” said Will Lyne, Head of Cyber Intelligence at the NCA.
LockBit connections
Another of those sanctioned is Aleksandr Ryzhenkov, described by the NCA as the younger Yakubets’ right-hand man, and an affiliate of the notorious ransomware gang LockBit.
It’s the first time that a member of Evil Corp has been linked to another major gang and indicates that hackers are working across groups to carry out attacks.
As well as the sanctions, four arrests were made, including two in the UK.
In August, the NCA executed a number of search warrants in the south of England and arrested a 46-year-old male who is suspected of being linked to a LockBit affiliate.
A 50-year-old female was also arrested on suspicion of money laundering offences.
They too were interviewed and later released under investigation whilst the criminal investigation continues.
Both individuals were identified through the analysis and enrichment of data acquired during the course of Operation Cronos – the international police operation that brought down LockBit’s internal infrastructure.
“The action announced today has taken place in conjunction with extensive and complex investigations by the NCA into two of the most harmful cybercrime groups of all time,” said James Babbage, Director General for Threats at the NCA.
The NCA said Evil Corp’s links to the Russian links to the Russian state had been exposed.
“Today’s sanctions send a clear message to the Kremlin that we will not tolerate Russian cyber-attacks – whether from the state itself or from its cyber-criminal ecosystem,” said foreign secretary David Lammy.