Maksim Yakubets, the suspected leader of Evil Corp, is the FBI’s most wanted cybercriminal. His whereabouts are no secret, yet there’s little to no chance we’ll see him in handcuffs.
Mid-November, law enforcement scored a victory by arresting Vyacheslav “Tank” Penchukov, a cybercriminal who enjoyed a lavish lifestyle for nearly ten years despite being on the FBI’s most wanted cybercriminal list.
“Tank,” also known as “Slava Rich,” was arrested in Geneva for acting as the leader of the Jabber Zeus group. Zeus is malicious software that captures bank account numbers, passwords, personal identification numbers, and other information necessary to log into online banking accounts.
While Penchukov will stand before the court to answer allegations about a wide-ranging racketeering enterprise and scheme that installed Zeus software on victims’ computers, another infamous hacker associated with Zeus – Maksim Viktorovich Yakubets – is still out of law enforcement’s reach.
“Yakubets is a true 21st-century criminal who, with the stroke of a key and the click of a mouse, committed cybercrimes across the globe,” former Assistant Attorney General Brian A. Benczkowski said in 2019.
$5 million reward
Yakubets is wanted for his involvement with computer malware that infected tens of thousands of computers in North America and Europe, resulting in financial losses amounting to tens of millions of dollars.
In 2019, the US Treasury sanctioned 17 individuals, including Maksim Yakubets, in an attempt to disrupt the massive phishing campaigns orchestrated by the Russian-based hacker group.
“Prior to serving in this leadership role for Evil Corp, Yakubets was also directly associated with Evgeniy Bogachev, a previously designated Russian cybercriminal responsible for the distribution of the Zeus, Jabber Zeus, and GameOver Zeus malware schemes. In particular, Yakubets was responsible for recruiting and managing a network of individuals responsible for facilitating the movement of money illicitly gained through the efforts spearheaded by Evgeniy Bogachev,” it said.
The Treasury also clearly stated that Yakubets had directly assisted the Russian government. As of 2017, Yakubets was working for the Russian Federal Security Service (FSB), one of Russia’s leading intelligence organizations, provided material assistance to the FSB, and was “tasked to work on projects for the Russian state, to include acquiring confidential documents through cyber-enabled means and conducting cyber-enabled operations on its behalf.”
The US is offering a reward of up to $5 million for information leading to the arrest and conviction of Yakubets.
“Yakubets and his co-conspirators did not discriminate in their choice of targets. For example, the Nebraska complaint alleges that Yakubets was directly involved in the theft of tens of thousands of dollars from a religious order of Franciscan sisters,” Benczkowski said.
Evil Corp is responsible for developing and distributing the Dridex malware, designed to steal banking credentials. According to the Cybersecurity and Infrastructure Security Agency (CISA), the original version of Dridex first appeared in 2012 and, by 2015, had become one of the most prevalent financial Trojans.
In 2014 alone, Dridex operators were sending 15,000 spam emails each day in an attempt to infect victims’ devices, mainly in the US and the UK. This aggressive spam campaign resulted in tens of millions of dollars in losses in both countries.
According to the Treasury, as of 2016, Evil Corp had harvested banking credentials from customers at approximately 300 banks and financial institutions in over 40 countries, making the group one of the main financial threats faced by businesses.
“In particular, Evil Corp heavily targets financial services sector organizations located in the United States and the United Kingdom. Through their use of the Dridex malware, Evil Corp has illicitly earned at least $100 million, though it is likely that the total of their illicit proceeds is significantly higher.”
If Yakubets ever leaves the safety of Russia, he will be arrested and extradited to the US. However, while in Russia, he can enjoy his lavish lifestyle.
International law enforcement flooded the media with pictures of Yakubets driving his $200,000 Lamborghini with a custom license plate that reads “thief” and spinning circles with his car right in front of Moscow’s police.
He’s also splashing out on pet tigers and lion cubs and going on spa vacations that cost up to a million rubles a week.
His wedding to the daughter of an ex-FSB officer, Eduard Bendersky, is rumored to have cost a minimum of $300,000. Moscow-based Caramel wedding service even flooded the internet with footage from the extravagant celebration. His bride poses in many pictures, yet Yakubets, without exception, is always turned away from the lens.
"He's roaming free in Russia, and he's not in prison, and Russia is taking no steps to arrest him," Irina Tsukerman, a geopolitical analyst specializing in information security and cybersecurity, told Cybernews.
The Treasury alleges that Yakubets has developed a relationship with all three major Russian intelligence services.
"Russia is more than a haven for cybercriminals. I would say that there is a direct link between some of these cyber groups and intelligence," Tsukerman reckons.
Cyber gangs carry out some operations on behalf of the government, and, in exchange, authorities help them evade international law enforcement and make money from their illicit activities.
Yakubets is also rumored to be close friends with Dmitri Peskov, the press secretary for Russian President Vladimir Putin.
"Location of these individuals is known to authorities, and it could be easy to arrest them, throw them in prison, or make them disappear. But they are serving their [Kremlin's] purpose, and there's an apparent, intentional, planned structure to everything happening," Tsukerman said.