2 Russian Nationals Charged in Hacking, Malware Schemes That Caused Tens of Millions in Losses

Maksim Yakubets (L) and Igor Olegovich Turashev (R), from Russia, have been charged in connection to a hacking and malware scheme causing tens of millions in damages. (FBI)
By Janita Kan
12/5/2019 (Updated: 12/5/2019)

Two Russian nationals have been charged in connection to two separate hacking and malware schemes that have resulted in the theft of millions of dollars from victims worldwide.

Maksim Yakubets, 32, and Igor Turashev, 38, both residing in Russia, have been indicted on a series of charges including conspiracy, computer hacking, and fraud for their involvement in a decade-long cybercrime spree that deployed some of the “most damaging pieces of financial malware ever used” to steal from unsuspecting victims, according to officials from the Justice Department, FBI, and the UK on Thursday.

Yakubets, who is known by his online name “aqua,” has been charged in two separate international computer hacking and bank fraud schemes that spanned from May 2009 to the present.

In one case, Yakubets was allegedly responsible for leading a group of conspirators in the development and distribution of a malware package called “Bugat” that was designed to steal confidential personal and financial information such as banking details from infected computers, according to an indictment that was unsealed on Thursday (pdf).

“Bugat,” for example, allowed criminals to hijack a computer and present a fake online banking webpage to trick the user into providing his or her personal or financial information. It was also designed to defeat antivirus software installed by victims and was updated multiple times to increase its functionality, the indictment said.

After capturing a victim’s banking details, Yakubets and his associates would make unauthorized electronic funds transfers from the victim’s bank accounts into the accounts of “money mules,” people who receive the stolen funds and then move the money to other accounts or withdraw it for transport overseas, the indictment alleges.

Some of these victims in the United States include the Sharon City School District in the Western District of Pennsylvania, two banks, and four companies including the Penneco Oil Company, Inc., building materials supply company 84 Lumber, and firearm manufacturer Remington Outdoor Company.

Yakubets was also charged in connection to another conspiracy to commit bank fraud by deploying a different malware program called “Zeus” that operated similarly to the “Bugat” scheme, according to a separate criminal complaint unsealed on Thursday (pdf).

The “Zeus” program victimized 21 specific municipalities, banks, companies, and non-profit organizations across several states including California, Massachusetts, and Nebraska. This scheme resulted in the attempted theft of an estimated $220 million with actual losses of an estimated $70 million from the victims’ bank accounts, the complaint said.

Yakubets’s role was to provide money mules and associates with banking details in order to withdraw money from victims’ accounts.

Along with Yakubets, two other co-conspirators of the “Zeus” scheme, Yuriy Konovalenko and Yevhen Kulibaba, have been extradited from the United Kingdom to the United States. The two men pleaded guilty to conspiracy to participate in racketeering activity in 2015 and have completed their prison sentences, the Justice Department said.

Meanwhile, Turashev was charged only in connection to the “Bugat” scheme in which he allegedly handled a variety of jobs such as system administration, management of the internal control panel, and oversight of botnet operations.

“The cybercriminals allegedly stole tens of millions of dollars from unwitting members of our business, nonprofit, governmental and religious communities,” Assistant Attorney General Brian Benczkowski said at the press conference on Thursday. “Each and every one of these computer intrusions was effectively a cyber-enabled bank robbery. We take crimes like this extremely seriously, and will do everything in our power to hold these criminals accountable for their crimes.”

During the press conference, officials described the lifestyle Yakubets and his associates lead, saying that they are “cash-rich, [have] fast cars, [and are] behaving and acting like very flamboyant and extravagant millionaires.”

They also said the schemes have affected thousands of victims and about 300 organizations in 43 countries, which is a low estimate. They added that the Russian government also provided a response to a mutual legal assistance treaty request, saying that their assistance was helpful to the investigation “to a point.”

“Today’s announcement should make clear to those engaged in cybercrime that we will identify you, we will unmask you, and we will prosecute you, no matter how much effort it requires, or how long it might take. You will never have a safe haven from the efforts of the United States law enforcement and our international partners to bring you to justice,” Benczkowski said.

The State Department and the FBI have announced a reward of up to $5 million under the Transnational Organized Crime Rewards Program for information leading to the arrest and/or conviction of Yakubets—the largest reward offered for a cybercriminal to date.