Russian nationals charged with banking cybercrimes
The U.S. Department of Justice has joined with the U.S. Department of State and the United Kingdom’s National Crime Agency in charging two Russian nationals, Maksim Y. Yakubets and Igor Turashev, with a vast and long-running cybercrime spree that stole from thousands of individuals and organizations in the United States and abroad. They are charged with an effort that infected tens of thousands of computers with malicious code called Bugat. Once installed, the code, also known as Dridex or Cridex, allowed the criminals to steal banking credentials and funnel money directly out of victims’ bank accounts. Their names and those of their associates have been added to the SDN List.
Evil Corp sanctioned for infecting bank computers
OFAC has announced action taken against Evil Corp, the Russia-based cybercriminal organization responsible for the development and distribution of the Dridex malware. Dridex is a multifunctional malware package designed to automate the theft of confidential information, including online banking credentials, from infected computers.
Evil Corp has used the Dridex malware to infect computers and harvest login credentials from hundreds of banks and financial institutions in over 40 countries, causing more than $100 million in theft. OFAC's action targets 17 individuals and seven entities, including Evil Corp, its core cyber operators, multiple businesses associated with a group member, and financial facilitators utilized by the group. Identification information on the designated individuals and entities can be found in BankersOnline's OFAC Update.
FinCEN and CISA (the U.S. Cybersecurity and Infrastructure Security Agency) issued a Report on Dridex Malware that provides an overview of the malware, related activity, and a list of previously unreported indicators of compromise derived from information reported to FinCEN by private sector financial institutions. Because actors using Dridex malware and its derivatives continue to target the financial services sector, including financial institutions and customers, the techniques, tactics, and procedures contained in this report warrant renewed attention. Treasury and CISA encourage network security specialists to incorporate these indicators into existing Dridex-related network defense capabilities and planning.