WASHINGTON, DC - The U.S. Department of Justice last week joined with the U.S. Department of State and the United Kingdom's National Crime Agency in charging two Russian nationals with a vast and long-running cybercrime spree that stole from thousands of individuals and organizations in the United States and abroad.
Along with several co-conspirators, Maksim V. Yakubets, 38 from Moscow Russia, and Igor Turashev, 38, from Yoshkar-Ola, Russia, were charged with infecting tens of thousands of computers with a malicious code called Bugat. Once installed, the computer code, also known as Dridex or Cridex, allowed the criminals to steal banking credentials and funnel money directly out of victims' accounts. The long-running scheme involved a number of different code variants, and later version also installed ransomware on victim computers. The criminals then demanded payment in cryptocurrency for returning vital data or restoring access to critical systems.
Assisted in some cases by money mules who funneled the stolen funds through U.S. bank accounts before shipping the money overseas, the group stole or extorted tens of millions of dollars from victims. Among those affected was a Pennsylvania school district that saw $999,000 wired out of its accounts and an oil company that lost more than $2 million.
The FBI, in partnership with the State Department's Transnational Organized Crime Rewards Program, also announced a reward of up to $5 million for information leading to the arrest of Yakubets, who is alleged to be the leader of the scheme. The reward is the largest ever offered for a cyber criminal.
"The actions highlighted today, which represent a continuing trend of cyber-criminal activity emanating from Russian actors, were particularly damaging as they targeted U.S. entities across all sectors and walks of life," FBI Deputy Director David Bowdich said Friday. "The FBI, with the assistance of private industry and our international and U.S. government partners, is sending a strong message that we will work together to investigate and hold all criminals accountable."
According to the charges, the co-conspirators distributed the malware through email phishing campaigns. In the early years, these messages were sent in massive, widespread campaigns. More recent attacks have been more strategic-specifically targeting businesses and organizations that have valuable computer systems and access to significant financial resources.
Victims were tricked into opening a document or clicking on a graphic or link that appeared to be from a legitimate source. The link or attachment downloaded the malicious code onto the user's machine, where it could also spread to any networked computers.
According to FBI Supervisory Special Agent Steven Lampo, this campaign deployed a stealth type of malware designed to avoid detection by antivirus software. "The full program does too much and is too big to avoid detection," Lampo said Friday. The smaller piece of code, however, can inject itself into the running processes of the machine-beginning a process that allows the full suite of malware to load onto the machine or network. The malware's creators were constantly creating new variants of the code to avoid antivirus tools.
"The actions highlighted today, which represent a continuing trend of cyber criminal activity emanating from Russian actors, were particularly damaging as they targeted U.S. entities across all sectors and walks of life."
FBI Deputy Director David Bowdich
"Although their realm is a digital one, this is one of the world's largest organized crime groups," FBI Supervisory Special Agent Adam Lawson of the Major Cyber Crimes Unit said Friday. "They are personally getting rich, and new organizations and individuals are being victimized every day."
Turashev and Yakubets were both indicted in Pittsburgh the Western District of Pennsylvania on conspiracy to commit fraud, wire fraud, and bank fraud, among other charges. Yakubets was also tied to charges of conspiracy to commit bank fraud issued in Lincoln in the District of Nebraska after investigators were able to connect him to the indicted moniker "aqua" from that case, which involved another malware variant known as Zeus.
Russian National Charged with Decade-Long Series of Hacking and Bank Fraud Offenses Resulting in Tens of Millions in Losses and Second Russian National Charged with Involvement in Deployment of "Bugat" Malware