
Thu Dec 5, 2019, 12:16 PM

Treasury Sanctions Evil Corp, the Russia-Based Cybercriminal Group Behind Dridex Malware

Source: U.S. Treasury Press Release


December 5, 2019

Washington – Today the U.S. Treasury Department’s Office of Foreign Assets Control (OFAC) took action against Evil Corp, the Russia-based cybercriminal organization responsible for the development and distribution of the Dridex malware. Evil Corp has used the Dridex malware to infect computers and harvest login credentials from hundreds of banks and financial institutions in over 40 countries, causing more than $100 million in theft. This malicious software has caused millions of dollars of damage to U.S. and international financial institutions and their customers. Concurrent with OFAC’s action, the Department of Justice charged two of Evil Corp’s members with criminal violations, and the Department of State announced a reward for information up to $5 million leading to the capture or conviction of Evil Corp’s leader. These U.S. actions were carried out in close coordination with the United Kingdom’s National Crime Agency (NCA). Additionally, based on information obtained by the Treasury Department’s Financial Crimes Enforcement Network (FinCEN), the Treasury Department’s Office of Cybersecurity and Critical Infrastructure Protection (OCCIP) released previously unreported indicators of compromise associated with the Dridex malware and its use against the financial services sector.

“Treasury is sanctioning Evil Corp as part of a sweeping action against one of the world’s most prolific cybercriminal organizations. This coordinated action is intended to disrupt the massive phishing campaigns orchestrated by this Russian-based hacker group,” said Steven T. Mnuchin, Secretary of the Treasury. “OFAC’s action is part of a multiyear effort with key NATO allies, including the United Kingdom. Our goal is to shut down Evil Corp, deter the distribution of Dridex, target the “money mule” network used to transfer stolen funds, and ultimately to protect our citizens from the group’s criminal activities.”

Worldwide, cybercrime results in losses that total in the billions of dollars, while in the United States, financial institutions and other businesses remain prime targets for cybercriminals. Today’s action clarifies that, in addition to his involvement in financially motivated cybercrime, the group’s leader, Maksim Yakubets, also provides direct assistance to the Russian government’s malicious cyber efforts, highlighting the Russian government’s enlistment of cybercriminals for its own malicious purposes. Maksim Yakubets is not the first cybercriminal to be tied to the Russian government. In 2017, the Department of Justice indicted two Russian Federal Security Service (FSB) officers and their criminal conspirators for compromising millions of Yahoo email accounts. The United States Government will not tolerate this type of activity by another government or its proxies and will continue to hold all responsible parties accountable.

Today’s designations and indictments were issued in furtherance of previous international actions targeting Evil Corp in an effort to further disrupt and degrade the group’s ability to operate. In October 2015, the Department of Justice indicted Andrey Ghinkul for spreading the Dridex malware. At that same time, the Federal Bureau of Investigation and the NCA disrupted the global infrastructure utilized at the time by Evil Corp. Over the past several years, the NCA and the United Kingdom’s Metropolitan Police Service have arrested multiple individuals who enabled the activities of Evil Corp, including laundering stolen proceeds acquired through the Dridex malware.

As a result of today’s designations, all property and interests in property of these persons subject to U.S. jurisdiction are blocked, and U.S. persons are generally prohibited from engaging in transactions with them. Additionally, any entities 50 percent or more owned by one or more designated persons are also blocked. Foreign persons may be subject to secondary sanctions for knowingly facilitating a significant transaction or transactions with these designated persons.

Read more: https://home.treasury.gov/news/press-releases/sm845

10 replies, 995 views

Replies to this discussion thread
Author, date, post number:
Tactical Peek Dec 5 OP
Wellstone ruled Dec 5 #1
WhiteTara Dec 5 #2
Wellstone ruled Dec 5 #3
ToxMarz Dec 5 #4
htuttle Dec 5 #6
Wellstone ruled Dec 5 #7
htuttle Dec 5 #8
Wellstone ruled Dec 5 #9
DavidDvorkin Dec 5 #5
crazytown Dec 5 #10

Response to Tactical Peek (Original post)

Thu Dec 5, 2019, 12:29 PM

1. Interesting to say the least.

Amazed Mnuchin and his Pals let this happen.



Response to Wellstone ruled (Reply #1)

Thu Dec 5, 2019, 12:48 PM

2. rival mobs?



Response to WhiteTara (Reply #2)

Thu Dec 5, 2019, 01:54 PM

3. Sure looking that way.



Response to WhiteTara (Reply #2)

Thu Dec 5, 2019, 02:26 PM

4. The more they steal

The less for others to steal



Response to Wellstone ruled (Reply #1)

Thu Dec 5, 2019, 06:01 PM

6. They probably didn't pay Putin his vig



Response to htuttle (Reply #6)

Thu Dec 5, 2019, 06:03 PM

7. The Orange Anus King might be

a bit worried about what you say. Remember Rudy was a Numbers Runner as a kid for his old man. And the Orange Anus was his sidekick.



Response to Wellstone ruled (Reply #7)

Thu Dec 5, 2019, 06:14 PM

8. [redacted]

I discovered that some might consider the term G**mbah to be an ethnic slur against Italians in general, though my own experience has been with it associated with mobsters exclusively.

So I redacted the post.



Response to htuttle (Reply #8)

Thu Dec 5, 2019, 06:26 PM

9. Okay.

Understand, different times require better name descriptions.



Response to Tactical Peek (Original post)

Thu Dec 5, 2019, 02:27 PM

5. In the TV series Mr. Robot, the evil corporation, E Corp., is always referred to as Evil Corp.



Response to Tactical Peek (Original post)

Thu Dec 5, 2019, 08:44 PM

10. Dr. Evil does not like.

 
