Treasury Secretary Steve Mnuchin speaks about sanctions against Turkey at a news briefing at the White House in Washington, October 11, 2019.
Yuri Gripas | Reuters
The U.S. Justice and Treasury departments took action Wednesday against a Russian hacking group known as “Evil Corp.,” which stole “at least” $100 million from banks using malicious software that swiped banking credentials, according to a joint press release.
“Evil Corp.,” a name reminiscent of the nickname for the key malevolent corporation in the popular television drama “Mr. Robot,” is “run by a group of individuals based in Moscow, Russia, who have years of experience and well-developed, trusted relationships with each other,” according to a Treasury Department press release.
The criminal group used a type of malware known as “Dridex,” which worked to evade common antivirus software and spread through emailed phishing campaigns. Once infected, the malware was able to steal login credentials and empty the accounts of bank employees and bank customers, forwarding the proceeds to offshore accounts held by Evil Corp, according to the press release.
The federal agencies say Evil Corp.’s criminal proceeds likely are “significantly higher” than the estimated $100 million stolen, making the enterprise one of the biggest hacking groups ever, according to the release.
The Justice Department announced indictments against key ringleaders of the group, while the Treasury Department announced sanctions against Evil Corp. under the department’s Office of Foreign Assets Control (OFAC).
“Treasury is sanctioning Evil Corp as part of a sweeping action against one of the world’s most prolific cybercriminal organizations. This coordinated action is intended to disrupt the massive phishing campaigns orchestrated by this Russian-based hacker group,” said Steven T. Mnuchin, Secretary of the Treasury, in a statement. “OFAC’s action is part of a multiyear effort with key NATO allies, including the United Kingdom. Our goal is to shut down Evil Corp, deter the distribution of Dridex, target the “money mule” network used to transfer stolen funds, and ultimately to protect our citizens from the group’s criminal activities.”
The group targeted major corporations in addition to bank accounts using a variety of methods. Penneco Oil allegedly lost millions of dollars, which were then transferred to a bank in Minsk, Belarus. hey targeted, apparently unsuccessfully, The Sharon City School District in Western Pennsylvania but were more successful draining funds from the bank account of Penneco Oil. Transferring millions to a mank in Minsk, Belarus. A UK resident assistant by creating botnets.
This is a developing story. Check back for details.