Russian Pair Charged on Multimillion-Dollar Malware Hack

(CN) — Putting up the largest sum ever offered for a cyber-criminal’s arrest, the State Department announced it will pay up to $5 million for information pertaining to a Russian hacker charged Thursday for his decade-long role in international bank fraud and malware schemes.

Unsealing a 10-count indictment in Pittsburgh and a federal complaint in Lincoln, Nebraska, prosecutors charged Maksim V. Yakubets, 32, of Moscow, in connection to the creation and distribution of malware systems that have infected computers at municipalities, banks, companies and nonprofit organizations in more than a dozen states.

The programs known as Bugat and Zeus automate the theft of confidential personal and financial information through infected computers using keystroke logging and web injects.

As the leader of a group of conspirators involved, the indictment says Yakubets “oversaw and managed the development, maintenance, distribution, and infection of Bugat as well as the financial theft and the use of money mules.”

In Pennsylvania but not Nebraska, Yakubets is charged alongside Igor Turashev, 38, from Yoshkar-Ola, Russia.

“For over a decade, Maksim Yakubets and Igor Turashev led one of the most sophisticated transnational cybercrime syndicates in the world,” Pittsburgh U.S. Attorney Scott Brady said in a statement Thursday. “Deploying ‘Bugat’ malware, also known as ‘Cridex’ and ‘Dridex,’ these cybercriminals targeted individuals and companies in western Pennsylvania and across the globe in one of the most widespread malware campaigns we have ever encountered.” 

Prosecutors say Yakubets and Turashev used Bugat to steal millions from two banks, a school district, a petroleum business, a building materials supply company, a vacuum technology company, a metal manufacturer and a firearm manufacturer.

The money was allegedly directed first into the accounts of so-called money mules who ultimately smuggled the funds overseas as cash.

Prosecutors say Yakubets began the conspiracy with Zeus malware in 2009, infecting thousands of business computers to gain access to passwords, account numbers, and other data that allows one to log into online banking accounts in order to subsequently steal funds. The indictment alleges that the scheme resulted in an estimated $70 million in losses from victims’ bank accounts.

The reward for Yakubets is covered by the Transnational Organized Crime Rewards Program, which was created in 2013 to assist law enforcement officials in capturing transnational criminal organization leaders and members.

In a statement, Assistant Attorney General Brian Benczkowskiof described Bugat and Zeus as “two of the most damaging pieces of financial malware ever used.”

%d bloggers like this: