The US Department of Justice has brought charges against two Russians who, according to law enforcement, are behind the development of the Dridex malware, among other things.
The indictment states that 32-year-old Maxim Yakubets and 38-year-old Igor Turashev were the developers of the well-known banking Trojan Dridex, and that Yakubets was the leader of the group. In addition, Yakubets is accused of developing and distributing another well-known banker, ZeuS, the predecessor of Dridex, which ran from 2007 to 2010. Recall that researchers first noticed Dridex in 2011, a year after the ZeuS source code was published online.
According to law enforcement, Yakubets used ZeuS to steal more than $70,000,000 from his victims. At the same time, Dridex, along with the ecosystem built around it, was named Yakubets's main project, and it brought the hacker about another 100 million US dollars.
Initially, the name Dridex referred to the classic banking trojan that appeared in 2011 and stole banking credentials from infected hosts by injecting fake login pages into victims' browsers. Later, other malicious activity by its operators, including the Necurs botnet and the BitPaymer ransomware, came to be associated with the name Dridex. In effect, information security researchers began to use the name Dridex for the criminal group itself, although the hackers often called themselves Evil Corp.
Back in 2014, the National Crime Agency of Great Britain called this group "the most dangerous hacker group in the world." According to information the agency has now published, Yakubets hired dozens of people to manage various Evil Corp operations and did not hesitate to brag about his illegally acquired wealth on social networks. He often posted photos of expensive cars (for example, a custom-made Audi R8 or Lamborghini Huracan), bundles of money and so on.
US authorities report that Yakubets and his accomplices not only used Dridex themselves, but also allowed other criminals to distribute the malware on their own behalf, subject to an initial payment of $100,000, as well as 50% of all income (at least $50,000 per week).
The second suspect, Igor Turashev, is known to have been a developer of Dridex. The US Department of Justice claims that he performed various duties, including system administration, managing internal control panels, and monitoring botnet operations. In addition, it is believed that it was he who organized spam campaigns and later used Dridex to install ransomware on victims' computers.
Currently, Yakubets and Turashev are still free and, according to the FBI, live in Moscow. The US authorities are now offering a reward of $5 million for any information that could lead to the arrest of Maxim Yakubets.
In addition to the charges in absentia and the reward, the U.S. Treasury Department also imposed sanctions on 24 organizations and individuals associated with Evil Corp and Yakubets. They now have limited access to assets and international financial systems.
The authorities' announcements were accompanied by a video conference at which it was stated that, in the opinion of US law enforcement, Yakubets has been cooperating with the Russian government since 2017. Allegedly, he is helping Russian intelligence agencies collect sensitive information from the computers of Dridex victims. At the same time, the US authorities confirmed that during the investigation they worked with Russian law enforcement agencies, which responded to their requests and "helped" to some extent.