In a significant move against cybercrime, the United Kingdom has imposed sanctions on 16 members of the Russian cyber-crime group Evil Corp. This action, announced on October 1, 2024, is part of a coordinated effort with the United States and Australia to combat cyber threats.
Evil Corp, once considered the most significant cyber-crime threat globally, has been allegedly tasked by Russia to conduct operations against NATO allies. The group, active since at least 2009, has been linked to the theft of over $100 million from banks and financial institutions worldwide.
British Foreign Minister David Lammy stated, "Today's sanctions send a clear message to the Kremlin that we will not tolerate Russian cyber-attacks - whether from the state itself or from its cyber-criminal ecosystem." This statement underscores the UK's firm stance against cyber threats and their potential state-sponsored nature.
The National Crime Agency (NCA) of the UK has revealed that Evil Corp has close connections to Russian intelligence services, including the Federal Security Service (FSB), Foreign Intelligence Service (SVR), and military intelligence unit GRU. This revelation highlights the complex interplay between cybercrime and state-sponsored activities.
Maksim Yakubets, the alleged leader of Evil Corp, has been a key target of international law enforcement efforts. In 2019, the US indicted and sanctioned Yakubets, offering a $5 million reward for information leading to his arrest. Yakubets' father-in-law, Eduard Benderskiy, a former high-ranking FSB official, is said to have protected the group after the US action.
The NCA has also disclosed Evil Corp's links to the ransomware group LockBit, which has targeted major organizations such as the Industrial and Commercial Bank of China, Boeing, and Britain's Royal Mail. LockBit's operations were disrupted by Western law enforcement agencies earlier in 2024.
James Babbage, Director General for Threats at the NCA, emphasized the significance of this action, stating, "The action announced today has taken place in conjunction with extensive and complex investigations by the NCA into two of the most harmful cyber-crime groups of all time."
In a parallel move, the US Justice Department has indicted Aleksandr Ryzhenkov, described as Yakubets' right-hand man, for deploying the BitPaymer ransomware strain against numerous victims in Texas and across the country.
"Today's charges against Ryzhenkov detail how he and his conspirators stole the sensitive data of innocent Americans and then demanded ransom. With law enforcement partners here and around the world, we will continue to put victims first and show these criminals that, in the end, they will be the ones paying for their crimes."
These coordinated actions by the UK, US, and Australia demonstrate the international community's commitment to combating cybercrime and protecting critical infrastructure from digital threats. The sanctions and indictments serve as a warning to cyber criminals and their potential state sponsors, signaling that their activities will not go unchallenged.
As cyber threats continue to evolve, these efforts have contributed to the development of new cybersecurity technologies and increased measures in many organizations. The ongoing battle against groups like Evil Corp underscores the need for continued vigilance and international cooperation in the face of sophisticated cyber threats.