
Russia exploited Evil Corp relationship for NATO attacks

The relationship between infamous cybercrime outfit Evil Corp and the Russian state is thought to be extraordinarily close, so close that intelligence officials allegedly ordered the criminals to carry out cyberattacks on NATO members.

That's according to National Crime Agency (NCA) officials who are close to the ongoing investigation into Evil Corp and its members, with the officers naming one man earlier today whom they suspect is both a high-up Evil Corp member and a prolific LockBit ransomware affiliate.

The targets supposedly given by the spies to the cybercrims weren't named, but sources claim there were multiple instances in which Russian intelligence services were working directly with Evil Corp members on state-sponsored cyberattacks before the 2019 disruption of the group.

Should the claims be true, it would confirm a long-held suspicion that in exchange for safe harbor or a general blind-eye approach to their criminality, Russia would order cybercrime gangs to conduct attacks on enemies of the state.

It has already been established that the now-disbanded Conti and Trickbot groups had close relationships with Russian intelligence, carrying out tasks related to Russia's invasion of Ukraine, and in 2017 two FSB officers were indicted for ordering the 2014 attacks on half a billion Yahoo user accounts.

But the intel being released today illustrates the ties between Evil Corp and Russia's FSB, SVR, and GRU like never before.

The relationship between Evil Corp and Russia went far beyond what is typical for state-organized crime ties, it's understood. Although each relationship of this kind is unique, Evil Corp's is thought to be extra special.

Many members of the cybercrime gang had direct relationships with intelligence officials, the agency claims, although it alleges that "ringleader" Maksim Yakubets was the primary liaison between the state and Evil Corp.

Yakubets – who has a $5 million bounty from US Feds on his head and was today sanctioned by the UK – is associated with the three intelligence services, claims the agency. It goes on to allege that the association may not have been as close had he not received a little help from a friend – his father-in-law, in fact, who according to the NCA just so happened to be a former FSB officer.

It has long been known that Eduard Benderskiy is the father-in-law of one of the most wanted cybercriminal suspects in the world, but fresh intel from the NCA today reveals the claimed extent to which Benderskiy allegedly played a role in Evil Corp's success. Benderskiy is also on the UK sanctions list as of today.

According to 2020 Bellingcat and Der Spiegel reports, Benderskiy – aka Bendersky – was formerly a prominent figurehead in Russian media and often spoke on behalf of what's now known as Department V – a rebrand of the Vympel special operations group first established in 1981.

Vympel was a KGB unit tasked with overseas operations, which handled matters such as illegal spying, kidnappings, assassinations, and everything in between.

Yakubets' father-in-law owns multiple businesses carrying the Vympel name and is thought by the NCA to have been a key enabler of the privileged relationship between Evil Corp and the state.

Benderskiy is also believed to have lent his support to Evil Corp during the aftermath of the law enforcement disruption of the group and subsequent sanctions in 2019. Current intelligence suggests he used his money, power, and influence to secure protection for Evil Corp's members both via physical security services and from being pursued by Russia's internal authorities, the agency says.

A family affair

The aforementioned disruption of Evil Corp in 2019 saw Maksim Yakubets' brother, Artem, added to the sanctions list, as were Dmitriy and Kirill Slobodskoy, who have now been revealed as his cousins. Law enforcement officials claim all three were core members of Evil Corp and played a part in its success.

However, another landmark revelation in the case is that Maksim's father, Viktor, is also alleged to have held an important role in the cybercrime gang, with authorities believing he had ties to money laundering.

The agency said that Evil Corp's ability to translate their criminal proceeds into real spending money was as important to their success as their technical exploits.

The information follows a BBC investigation from 2021 in which Viktor Yakubets was doorstepped and quizzed about his son's various alleged criminal endeavors. He denied knowing anything about his son's alleged criminality and unsurprisingly made no mention of his own suspected involvement in Evil Corp either.

Authorities believe Evil Corp extorted at least $300 million since it spun up in 2014, with victims located in more than 40 countries and spanning various sectors. From big tech firms to charities, finance to healthcare – nothing was off limits.

Source: theregister.com