Russian National Charged with Decade-Long Series of Hacking and Bank Fraud ..
.. Offenses Resulting in Tens of Millions in Losses and Second Russian National Charged with Involvement in Deployment of “Bugat” Malware (Dridex, Cridex)
.pdf:
* Yakubets Turashev Indictment
* Yakubets Complaint
* Turashev Wanted Poster
* Yakubets Wanted Poster
Опять накрыли агентуру, работающую на ФСБ в целях разведки за рубежом.
Treasury Sanctions Evil Corp, the Russia-Based Cybercriminal Group Behind Dridex Malware
Today the U.S. Treasury Department’s Office of Foreign Assets Control (OFAC) took action against Evil Corp, the Russia-based cybercriminal organization responsible for the development and distribution of the Dridex malware. Evil Corp has used the Dridex malware to infect computers and harvest login credentials from hundreds of banks and financial institutions in over 40 countries, causing more than $100 million in theft. This malicious software has caused millions of dollars of damage to U.S. and international financial institutions and their customers. Concurrent with OFAC’s action, the Department of Justice charged two of Evil Corp’s members with criminal violations, and the Department of State announced a reward for information up to $5 million leading to the capture or conviction of Evil Corp’s leader. These U.S. actions were carried out in close coordination with the United Kingdom’s National Crime Agency (NCA). Additionally, based on information obtained by the Treasury Department’s Financial Crimes Enforcement Network (FinCEN), the Treasury Department’s Office of Cybersecurity and Critical Infrastructure Protection (OCCIP) released previously unreported indicators of compromise associated with the Dridex malware and its use against the financial services sector.
“Treasury is sanctioning Evil Corp as part of a sweeping action against one of the world’s most prolific cybercriminal organizations. This coordinated action is intended to disrupt the massive phishing campaigns orchestrated by this Russian-based hacker group,” said Steven T. Mnuchin, Secretary of the Treasury. “OFAC’s action is part of a multiyear effort with key NATO allies, including the United Kingdom. Our goal is to shut down Evil Corp, deter the distribution of Dridex, target the “money mule” network used to transfer stolen funds, and ultimately to protect our citizens from the group’s criminal activities.”
Worldwide, cybercrime results in losses that total in the billions of dollars, while in the United States, financial institutions and other businesses remain prime targets for cybercriminals. Today’s action clarifies that, in addition to his involvement in financially motivated cybercrime, the group’s leader, Maksim Yakubets, also provides direct assistance to the Russian government’s malicious cyber efforts, highlighting the Russian government’s enlistment of cybercriminals for its own malicious purposes. Maksim Yakubets is not the first cybercriminal to be tied to the Russian government. In 2017, the Department of Justice indicted two Russian Federal Security Service (FSB) officers and their criminal conspirators for compromising millions of Yahoo email accounts. The United States Government will not tolerate this type of activity by another government or its proxies and will continue to hold all responsible parties accountable.
Today’s designations and indictments were issued in furtherance of previous international actions targeting Evil Corp in an effort to further disrupt and degrade the group’s ability to operate. In October 2015, the Department of Justice indicted Andrey Ghinkul for spreading the Dridex malware. At that same time, the Federal Bureau of Investigation and the NCA disrupted the global infrastructure utilized at the time by Evil Corp. Over the past several years, the NCA and the United Kingdom’s Metropolitan Police Service have arrested multiple individuals who enabled the activities of Evil Corp, including laundering stolen proceeds acquired through the Dridex malware.
As a result of today’s designations, all property and interests in property of these persons subject to U.S. jurisdiction are blocked, and U.S. persons are generally prohibited from engaging in transactions with them. Additionally, any entities 50 percent or more owned by one or more designated persons are also blocked. Foreign persons may be subject to secondary sanctions for knowingly facilitating a significant transaction or transactions with these designated persons.
Designation Targets
Today’s action targets 17 individuals and seven entities to include Evil Corp, its core cyber operators, multiple businesses associated with a group member, and financial facilitators utilized by the group. OFAC designated these persons pursuant to Executive Order (E.O.) 13694, as amended, which targets malicious cyber-enabled actors around the world, and as codified by the Countering America’s Adversaries Through Sanctions Act.
[. DRIDEX infection chain photo .]
Evil Corp is the Russia-based cybercriminal organization responsible for the development and distribution of the Dridex malware. The Dridex malware is a multifunctional malware package that is designed to automate the theft of confidential information, to include online banking credentials from infected computers. Dridex is traditionally spread through massive phishing email campaigns that seek to entice victims to click on malicious links or attachments embedded within the emails. Once a system is infected, Evil Corp uses compromised credentials to fraudulently transfer funds from victims’ bank accounts to those of accounts controlled by the group. As of 2016, Evil Corp had harvested banking credentials from customers at approximately 300 banks and financial institutions in over 40 countries, making the group one of the main financial threats faced by businesses. In particular, Evil Corp heavily targets financial services sector organizations located in the United States and the United Kingdom. Through their use of the Dridex malware, Evil Corp has illicitly earned at least $100 million, though it is likely that the total of their illicit proceeds is significantly higher. As a result of this activity, Evil Corp is being designated pursuant to E.O. 13694, as amended, for engaging in cyber-enabled activities that have the effect of causing a significant misappropriation of funds or economic resources for private financial gain.
Evil Corp operates as a business run by a group of individuals based in Moscow, Russia, who have years of experience and well-developed, trusted relationships with each other. Maksim Yakubets (Yakubets) serves as Evil Corp’s leader and is responsible for managing and supervising the group’s malicious cyber activities. For example, as of 2017, Yakubets supervised Evil Corp actors who were attempting to target U.S. companies. As of 2015, Yakubets maintained control of the Dridex malware and was in direct communication with Andrey Ghinkul prior to the unsealing of his indictment. As a result, Yakubets is being designated pursuant to E.O. 13694, as amended, for having acted for or on behalf of and for providing material assistance to Evil Corp. Prior to serving in this leadership role for Evil Corp, Yakubets was also directly associated with Evgeniy Bogachev, a previously designated Russian cybercriminal responsible for the distribution of the Zeus, Jabber Zeus, and GameOver Zeus malware schemes. In particular, Yakubets was responsible for recruiting and managing a network of individuals responsible for facilitating the movement of money illicitly gained through the efforts spearheaded by Evgeniy Bogachev. Yakubets is the subject of an indictment and criminal complaint unsealed today by the Department of Justice, while the Department of State announced a $5 million reward for information leading to the capture of Yakubets.
In addition to his leadership role within Evil Corp, Yakubets has also provided direct assistance to the Russian government. As of 2017, Yakubets was working for the Russian FSB, one of Russia’s leading intelligence organizations that was previously sanctioned pursuant to E.O. 13694, as amended, on December 28, 2016. As of April 2018, Yakubets was in the process of obtaining a license to work with Russian classified information from the FSB. As a result, Yakubets is also being designated pursuant to E.O. 13694, as amended, for providing material assistance to the FSB. Additionally, as of 2017, Yakubets was tasked to work on projects for the Russian state, to include acquiring confidential documents through cyber-enabled means and conducting cyber-enabled operations on its behalf.
Another key Evil Corp figure targeted today is Igor Turashev (Turashev). As of 2017, Turashev was involved in helping Evil Corp exploit victims’ networks. As of 2015, Turashev served as an administrator for Yakubets and had control over the Dridex malware. As a result, Turashev is being designated pursuant to E.O. 13694, as amended, for having acted for or on behalf of and for providing material assistance to Evil Corp. Turashev is also the subject of an indictment unsealed today by the Department of Justice.
Denis Gusev (Gusev), a senior member of Evil Corp, is also being designated today for his active role in furthering Evil Corp’s activities. As of 2017, Gusev was involved in helping Evil Corp move to a new office location and as of 2018, Gusev served as a financial facilitator for Evil Corp and its members. As a result, Gusev is being designated pursuant to E.O. 13694, as amended, for having acted for or on behalf of and for providing material assistance to Evil Corp.
Gusev also serves as the General Director for six Russia-based businesses. These entities include Biznes-Stolitsa, OOO, Optima, OOO, Treid-Invest, OOO, TSAO, OOO, Vertikal, OOO, and Yunikom, OOO. As a result, these entities are being designated pursuant to E.O. 13694, as amended, for being owned or controlled by Gusev.
In addition to Yakubets, Turashev, and Gusev, Evil Corp relies upon a cadre of core individuals to carry out critical logistical, technical, and financial functions such as managing the Dridex malware, supervising the operators seeking to target new victims, and laundering the proceeds derived from the group’s activities. These additional core members of the group include Dmitriy Smirnov, Artem Yakubets, Ivan Tuchkov, Andrey Plotnitskiy, Dmitriy Slobodskoy, and Kirill Slobodskoy. As a result, these six individuals are being designated pursuant to E.O. 13694, as amended, for having acted for or on behalf of and for providing material assistance to Evil Corp.
To transfer the proceeds gained through their use of the Dridex malware, Evil Corp relies upon a network of money mules who are involved in transferring stolen funds obtained from victims’ bank accounts to accounts controlled by members of Evil Corp. Previously, the NCA arrested multiple individuals in the United Kingdom suspected of laundering the criminal profits of cybercrime schemes, including those perpetrated by Evil Corp, through hundreds of accounts at various banks in the United Kingdom. Today, OFAC is designating eight Moscow-based individuals who have served as financial facilitators for Evil Corp. These individuals include Aleksei Bashlikov, Ruslan Zamulko, David Guberman, Carlos Alvares, Georgios Manidis, Tatiana Shevchuk, Azamat Safarov, and Gulsara Burkhonova. As a result, these eight individuals are being designated pursuant to E.O. 13694, as amended, for providing financial and material assistance to Evil Corp. ©
Reward of up to $5 Million Offered for Information Leading to Arrest or Conviction
The United States of America, through its Departments of Justice and State, and the United Kingdom, through its National Crime Agency (NCA), today announced the unsealing of criminal charges in Pittsburgh, Pennsylvania, and Lincoln, Nebraska, against Maksim V. Yakubets, aka online moniker, “aqua,” 32, of Moscow, Russia, related to two separate international computer hacking and bank fraud schemes spanning from May 2009 to the present. A second individual, Igor Turashev, 38, from Yoshkar-Ola, Russia, was also indicted in Pittsburgh for his role related to the “Bugat” malware conspiracy. The State Department, in partnership with the FBI, announced today a reward of up to $5 million under the Transnational Organized Crime Rewards Program for information leading to the arrest and/or conviction of Yakubets. This represents the largest such reward offer for a cyber criminal to date.
Assistant Attorney General Brian A. Benczkowski of the Justice Department’s Criminal Division, U.S. Attorney Scott W. Brady for the Western District of Pennsylvania, U.S. Attorney Joseph P. Kelly for the District of Nebraska, FBI Deputy Director David Bowdich, Principal Deputy Assistant Secretary James A. Walsh of the State Department’s Bureau of International Narcotics and Law Enforcement Affairs (INL), and Director Rob Jones of the Cyber Crime Unit at the United Kingdom’s National Crime Agency (NCA) made the announcement.
“Maksim Yakubets allegedly has engaged in a decade-long cybercrime spree that deployed two of the most damaging pieces of financial malware ever used and resulted in tens of millions of dollars of losses to victims worldwide,” said Assistant Attorney General Benczkowski. “These two cases demonstrate our commitment to unmasking the perpetrators behind the world’s most egregious cyberattacks. The assistance of our international partners, in particular the National Crime Agency of the United Kingdom, was crucial to our efforts to identify Yakubets and his co-conspirators.”
“For over a decade, Maksim Yakubets and Igor Turashev led one of the most sophisticated transnational cybercrime syndicates in the world,” said U.S. Attorney Brady. “Deploying ‘Bugat’ malware, also known as ‘Cridex’ and ‘Dridex,’ these cybercriminals targeted individuals and companies in western Pennsylvania and across the globe in one of the most widespread malware campaigns we have ever encountered. International cybercriminals who target Pennsylvania citizens and companies are no different than any other criminal: they will be investigated, prosecuted and held accountable for their actions.”
“The Zeus scheme was one of the most outrageous cybercrimes in history,” said U.S. Attorney Kelly. “Our identification of Yakubets as the actor who used the moniker ‘aqua’ in that scheme, as alleged in the complaint unsealed today, is a prime example of how we will pursue cyber criminals to the ends of justice no matter how long it takes, by tracking their activity both online and off and working with our international partners to expose their crimes.”
“Today’s announcement involved a long running investigation of a sophisticated organized cybercrime syndicate,” said FBI Deputy Director Bowdich. “The charges highlight the persistence of the FBI and our partners to vigorously pursue those who desire to profit from innocent people through deception and theft. By calling out those who threaten American businesses and citizens, we expose criminals who hide behind devices and launch attacks that threaten our public safety and economic stability. The actions highlighted today, which represent a continuing trend of cyber-criminal activity emanating from Russian actors, were particularly damaging as they targeted U.S. entities across all sectors and walks of life. The FBI, with the assistance of private industry and our international and U.S. government partners, is sending a strong message that we will work together to investigate and hold all criminals accountable. Our memory is long and we will hold them accountable under the law, no matter where they attempt to hide.”
“Combatting cybercrime remains a top national security priority for to the United States,” said INL Principal Deputy Assistant Secretary of State Walsh. “The announcements today represent a coordinated interagency effort to bring Maksim Yakubets to justice and to address cybercrime globally.”
“This is a landmark for the NCA, FBI and U.S. authorities and a day of reckoning for those who commit cybercrime,” said NCA Director Jones. “Following years of online pursuit, I am pleased to see the real world identity of Yakubets and his associate Turashev revealed. Yakubets and his associates have allegedly been responsible for losses and attempted losses totalling hundreds of millions of dollars. This is not a victimless crime, those losses were once people’s life savings, now emptied from their bank accounts. Today the process of bringing Yakubets and his criminal associates to justice begins. This is not the end of our investigation, and we will continue to work closely with international partners to present a united front against criminality that threatens our prosperity and security.”
Yakubets and Turashev Indicted in Relation to “Bugat” Malware
A federal grand jury in Pittsburgh returned a 10-count indictment, which was unsealed today, against Yakubets and Turashev, charging them with conspiracy, computer hacking, wire fraud, and bank fraud, in connection with the distribution of “Bugat,” a multifunction malware package designed to automate the theft of confidential personal and financial information, such as online banking credentials, from infected computers. Later versions of the malware were designed with the added function of assisting in the installation of ransomware.
According to the indictment, Bugat is a malware specifically crafted to defeat antivirus and other protective measures employed by victims. As the individuals behind Bugat improved the malware and added functionality, the name of the malware changed, at one point being called “Cridex,” and later “Dridex,” according to the indictment. Bugat malware was allegedly designed to automate the theft of confidential personal and financial information, such as online banking credentials, and facilitated the theft of confidential personal and financial information by a number of methods. For example, the indictment alleges that the Bugat malware allowed computer intruders to hijack a computer session and present a fake online banking webpage to trick a user into entering personal and financial information.
The indictment further alleges that Yakubets and Turashev used captured banking credentials to cause banks to make unauthorized electronic funds transfers from the victims’ bank accounts, without the knowledge or consent of the account holders. They then allegedly used persons, known as “money mules,” to receive stolen funds into their bank accounts, and then move the money to other accounts or withdraw the funds and transport the funds overseas as smuggled bulk cash. According to the indictment, they also used a powerful online tool known as a botnet in furtherance of the scheme.
Yakubets was the leader of the group of conspirators involved with the Bugat malware and botnet, according to the indictment. As the leader, he oversaw and managed the development, maintenance, distribution, and infection of Bugat as well as the financial theft and the use of money mules. Turashev allegedly handled a variety of functions for the Bugat conspiracy, including system administration, management of the internal control panel, and oversight of botnet operations.
According to the indictment, Yakubets and Turashev victimized multiple entities, including two banks, a school district, and four companies including a petroleum business, building materials supply company, vacuum and thin film deposition technology company and metal manufacturer in the Western District of Pennsylvania and a firearm manufacturer. The indictment alleges that these attacks resulted in the theft of millions of dollars, and occurred as recently as March 19, 2019.
Yakubets Charged in Relation to “Zeus” Malware
A criminal complaint was also unsealed in Lincoln today charging Yakubets with conspiracy to commit bank fraud in connection with the “Zeus” malware. Beginning in May 2009, Yakubets and multiple co-conspirators are alleged to have a long-running conspiracy to employ widespread computer intrusions, malicious software, and fraud to steal millions of dollars from numerous bank accounts in the United States and elsewhere. Yakubets and his co-conspirators allegedly infected thousands of business computers with malicious software that captured passwords, account numbers, and other information necessary to log into online banking accounts, and then used the captured information to steal money from victims’ bank accounts. As with Bugat, the actors involved with the Zeus scheme were alleged to have employed the use of money mules and a botnet.
Yakubets and his co-conspirators are alleged to have victimized 21 specific municipalities, banks, companies, and non-profit organizations in California, Illinois, Iowa, Kentucky, Maine, Massachusetts, New Mexico, North Carolina, Ohio, Texas, and Washington, identified in the complaint, including multiple entities in Nebraska and a religious congregation. According to the complaint, the deployment of the Zeus malware resulted overall in the attempted theft of an estimated $220 million USD, with actual losses of an estimated $70 million USD from victims’ bank accounts. According to the complaint, Yakubets’ role in the Zeus scheme was to provide money mules and their associated banking credentials in order to facilitate the movement of money, which was withdrawn from victim accounts by fraudulent means.
An individual charged as John Doe #2, also known as “aqua,” was indicted in District of Nebraska in case number 4:11-CR-3074. The indictment in that case charges that individual and others with conspiracy to participate in racketeering activity, conspiracy to commit computer fraud and identity theft, aggravated identity theft, and multiple counts of bank fraud related to the Zeus scheme. As alleged, the complaint unsealed today associates use of the moniker “aqua” in the Zeus scheme to Yakubets.
In case number 4:11-CR-3074, two of the co-conspirators of “aqua,” Ukrainian nationals Yuriy Konovaleko and Yevhen Kulibaba, were extradited from the United Kingdom to the United States. Konovalenko and Kulibaba both pleaded guilty in 2015 to conspiracy to participate in racketeering activity and have completed prison sentences that were imposed. Konovalenko and Kulibaba were previously convicted in the United Kingdom, after an investigation conducted by the Metropolitan Police Service, for their role in laundering £3 million GBP on behalf of the group responsible for the Zeus malware.
State Department $5 million USD Reward
The U.S. Department of State’s Transnational Organized Crime (TOC) Rewards Program is offering a reward of up to $5 million for information on Yakubets. Cyber threats are a top national security threat to the United States, and the Department of State’s TOC Rewards Program is one of the many tools used by U.S. authorities to bring significant cybercriminals to justice. Congress established the TOC Rewards Program in 2013 to support law enforcement efforts to dismantle transnational criminal organizations and bring their leaders and members to justice. The U.S. Department of State’s Bureau of International Narcotics and Law Enforcement Affairs manages the program in coordination with other U.S. federal agencies.
In addition to NCA, the law enforcement actions taken related to these two prosecutions were assisted by the efforts of law enforcement counterparts from The Netherlands, Germany, Belarus, Ukraine, and the Russian Federation.
The FBI’s Pittsburgh and Omaha Field Offices led the investigations of Yakubets and Turashev with assistance by the FBI’s Major Cyber Crimes Unit and Global Operations and Targeting Unit. The prosecution in Pittsburgh is being handled by Assistant U.S. Attorney Shardul S. Desai of the Western District of Pennsylvania, and the prosecution in Lincoln is being handled by Senior Counsel William A. Hall, Jr., of the Criminal Division’s Computer Crime and Intellectual Property Section (CCIPS) and Assistant U.S. Attorney Steven A. Russell of the District of Nebraska. The Criminal Division’s Office of International Affairs provided significant assistance throughout the criminal investigations. The Department’s National Security Division also provided investigative assistance.
The details contained in the indictment, criminal complaint and related pleadings are merely accusations, and the defendants are presumed innocent unless and until proven guilty beyond a reasonable doubt in a court of law. ©
Cyber-related Designations; Counter Terrorism Designation Removal
12/5/2019
OFFICE OF FOREIGN ASSETS CONTROL
Specially Designated Nationals List Update
The following individuals have been added to OFAC's SDN List:
ALVARES, Carlos, Moscow, Russia; DOB 18 May 1971; POB Spain; Gender Male; National ID No. AV176942 (Spain) (individual) [CYBER2] (Linked To: EVIL CORP).
BASHLIKOV, Aleksei, Moscow, Russia; DOB 18 Mar 1988; POB Russia; Gender Male; Passport 4509592875 (Russia) (individual) [CYBER2] (Linked To: EVIL CORP).
BURKHONOVA, Gulsara, Moscow, Russia; DOB 06 Apr 1977; POB Russia; alt. POB Tajikistan; Gender Female; Passport 9707561379 (Russia) (individual) [CYBER2] (Linked To: EVIL CORP).
GUBERMAN, David, Moscow, Russia; DOB 01 Mar 1971; POB Ukraine; Gender Male; National ID No. 7201105 (Israel) (individual) [CYBER2] (Linked To: EVIL CORP).
GUSEV, Denis Igorevich (Cyrillic: ГУСЕВ, ДЕНИС ИГОРЕВИЧ) (a.k.a. GOTMAN, David; a.k.a. POMOJAC, Marin), Moscow, Russia; DOB 10 Jun 1986; alt. DOB 08 Jul 1977; alt. DOB 07 Oct 1987; POB Moscow, Russia; alt. POB Ceadir-Lunga, Moldova; citizen Russia; Gender Male; Passport 717386212 (Russia); alt. Passport A1167292 (Moldova); alt. Passport 1213007 (Israel) (individual) [CYBER2] (Linked To: EVIL CORP).
MANIDIS, Georgios, Moscow, Russia; DOB 23 Aug 1971; Gender Male; National ID No. AV2752462 (Greece) (individual) [CYBER2] (Linked To: EVIL CORP).
PLOTNITSKIY, Andrey (a.k.a. KOVALSKIY, Andrey Vechislavovich; a.k.a. STREL, Andrey), Moscow, Russia; DOB 25 Jul 1989; Gender Male (individual) [CYBER2] (Linked To: EVIL CORP).
SAFAROV, Azamat, Moscow, Russia; DOB 26 Mar 1990; POB Uzbekistan; Gender Male; National ID No. CE2236830 (Uzbekistan) (individual) [CYBER2] (Linked To: EVIL CORP).
SHEVCHUK, Tatiana, Moscow, Russia; DOB 08 Jan 1970; Gender Female; National ID No. BB299742 (Ukraine) (individual) [CYBER2] (Linked To: EVIL CORP).
SLOBODSKOY, Dmitriy Alekseyevich, Russia; DOB 28 Jul 1988; Gender Male; Passport 721007353 (Russia) (individual) [CYBER2] (Linked To: EVIL CORP).
SLOBODSKOY, Kirill Alekseyevich, Moscow, Russia; DOB 26 Feb 1987; POB Moscow, Russia; nationality Russia; Gender Male; Passport 721025114 (Russia); National ID No. 4508818947 (Russia) (individual) [CYBER2] (Linked To: EVIL CORP).
SMIRNOV, Dmitriy Konstantinovich, Moscow, Russia; DOB 10 Nov 1987; citizen Russia; Gender Male (individual) [CYBER2] (Linked To: EVIL CORP).
TUCHKOV, Ivan Dmitriyevich, Russia; DOB 27 Nov 1986; POB Moscow, Russia; Gender Male; Passport 45092006504 (Russia); alt. Passport 753931329 (Russia); VisaNumberID 525867504 (France) (individual) [CYBER2] (Linked To: EVIL CORP).
TURASHEV, Igor Olegovich (a.k.a. "ENKI"; a.k.a. "NINTUTU"), Russia; DOB 15 Jun 1981; Gender Male (individual) [CYBER2] (Linked To: EVIL CORP).
YAKUBETS, Artem Viktorovich, Moscow, Russia; DOB 17 Jan 1986; POB Polonnoye, Khmelnitskaya Oblast, Ukraine; citizen Russia; Gender Male (individual) [CYBER2] (Linked To: EVIL CORP).
YAKUBETS, Maksim Viktorovich (a.k.a. "AQUA"), Moscow, Russia; DOB 20 May 1987; POB Polonnoye, Khmelnitskaya Oblast, Ukraine; citizen Russia; Gender Male; Passport 4509135586 (Russia) (individual) [CYBER2] (Linked To: EVIL CORP; Linked To: FEDERAL SECURITY SERVICE).
ZAMULKO, Ruslan, Moscow, Russia; DOB 25 Jun 1970; POB Ukraine; Gender Male; National ID No. HB698865 (Ukraine) (individual) [CYBER2] (Linked To: EVIL CORP).
The following entities have been added to OFAC's SDN List:
BIZNES-STOLITSA, OOO (Cyrillic: ООО БИЗНЕС-СТОЛИЦА) (a.k.a. OBSHCHESTVO S OGRANICHENNOI OTVETSTVENNOSTYU BIZNES-STOLITSA), d. 14 korp. 1 pom. Khll/kom. 1, ul., Sokolovo-Meshcherskaya Moscow, Moscow 125466, Russia; D-U-N-S Number 50-722-4994; Tax ID No. 7733904024 (Russia); Government Gazette Number 40335667 (Russia); Registration Number 5147746417682 (Russia) [CYBER2] (Linked To: GUSEV, Denis Igorevich).
EVIL CORP (a.k.a. DRIDEX GANG), Moscow, Russia; Moldova [CYBER2].
OPTIMA, OOO (Cyrillic: ООО ОПТИМА) (a.k.a. OBSHCHESTVO S OGRANICHENNOI OTVETSTVENNOSTYU OPTIMA), d. 2 korp. 2 pom. 1, ul., Kominterna Moscow, Moscow 129344, Russia; D-U-N-S Number 50-579-8144; Tax ID No. 7716740680 (Russia); Government Gazette Number 17325717 (Russia); Registration Number 1137746232260 (Russia) [CYBER2] (Linked To: GUSEV, Denis Igorevich).
TREID-INVEST, OOO (Cyrillic: ООО ТРЕЙД-ИНВЕСТ) (a.k.a. OBSHCHESTVO S OGRANICHENNOI OTVETSTVENNOSTYU TREID-INVEST), 11/2, ul., Sadovaya-Chernogryazskaya Moscow, Moscow 105064, Russia; D-U-N-S Number 50-722-5114; Tax ID No. 7701416320 (Russia); Government Gazette Number 40214946 (Russia); Registration Number 5147746418782 (Russia) [CYBER2] (Linked To: GUSEV, Denis Igorevich).
TSAO, OOO (Cyrillic: ООО ЦАО) (a.k.a. OBSHCHESTVO S OGRANICHENNOI OTVETSTVENNOSTYU TSENTR AVTOOBSLUZHIVANIYA), 9, per., Omski Kurgan, Kurganskaya Oblast 640000, Russia; D-U-N-S Number 68-215-4722; Tax ID No. 4501122896 (Russia); Government Gazette Number 78739479 (Russia); Registration Number 1064501172394 (Russia) [CYBER2] (Linked To: GUSEV, Denis Igorevich).
VERTIKAL, OOO (Cyrillic: ООО ВЕРТИКАЛЬ) (a.k.a. OBSHCHESTVO S OGRANICHENNOI OTVETSTVENNOSTYU VERTIKAL), d. 102/1, ul. Beregovaya Kogalym, Khanty-Mansiski, Avtonomny Okrug - Yugra Okr. 628482, Russia; D-U-N-S Number 50-630-4726; Tax ID No. 8608056026 (Russia); Government Gazette Number 26149774 (Russia); Registration Number 1138608000189 (Russia) [CYBER2] (Linked To: GUSEV, Denis Igorevich).
YUNIKOM, OOO (Cyrillic: ООО ЮНИКОМ) (a.k.a. OBSHCHESTVO S OGRANICHENNOI OTVETSTVENNOSTYU YUNIKOM), d. 18, ul. Tsentralnaya Kogalym, Khanty-Mansiski, Avtonomny Okrug - Yugra Okr. 628483, Russia; D-U-N-S Number 68-321-9795; Tax ID No. 8608052180 (Russia); Government Gazette Number 97396163 (Russia); Registration Number 1068608008204 (Russia) [CYBER2] (Linked To: GUSEV, Denis Igorevich). ©
.pdf:
* Yakubets Turashev Indictment
* Yakubets Complaint
* Turashev Wanted Poster
* Yakubets Wanted Poster
Опять накрыли агентуру, работающую на ФСБ в целях разведки за рубежом.
Treasury Sanctions Evil Corp, the Russia-Based Cybercriminal Group Behind Dridex Malware
Today the U.S. Treasury Department’s Office of Foreign Assets Control (OFAC) took action against Evil Corp, the Russia-based cybercriminal organization responsible for the development and distribution of the Dridex malware. Evil Corp has used the Dridex malware to infect computers and harvest login credentials from hundreds of banks and financial institutions in over 40 countries, causing more than $100 million in theft. This malicious software has caused millions of dollars of damage to U.S. and international financial institutions and their customers. Concurrent with OFAC’s action, the Department of Justice charged two of Evil Corp’s members with criminal violations, and the Department of State announced a reward for information up to $5 million leading to the capture or conviction of Evil Corp’s leader. These U.S. actions were carried out in close coordination with the United Kingdom’s National Crime Agency (NCA). Additionally, based on information obtained by the Treasury Department’s Financial Crimes Enforcement Network (FinCEN), the Treasury Department’s Office of Cybersecurity and Critical Infrastructure Protection (OCCIP) released previously unreported indicators of compromise associated with the Dridex malware and its use against the financial services sector.
“Treasury is sanctioning Evil Corp as part of a sweeping action against one of the world’s most prolific cybercriminal organizations. This coordinated action is intended to disrupt the massive phishing campaigns orchestrated by this Russian-based hacker group,” said Steven T. Mnuchin, Secretary of the Treasury. “OFAC’s action is part of a multiyear effort with key NATO allies, including the United Kingdom. Our goal is to shut down Evil Corp, deter the distribution of Dridex, target the “money mule” network used to transfer stolen funds, and ultimately to protect our citizens from the group’s criminal activities.”
Worldwide, cybercrime results in losses that total in the billions of dollars, while in the United States, financial institutions and other businesses remain prime targets for cybercriminals. Today’s action clarifies that, in addition to his involvement in financially motivated cybercrime, the group’s leader, Maksim Yakubets, also provides direct assistance to the Russian government’s malicious cyber efforts, highlighting the Russian government’s enlistment of cybercriminals for its own malicious purposes. Maksim Yakubets is not the first cybercriminal to be tied to the Russian government. In 2017, the Department of Justice indicted two Russian Federal Security Service (FSB) officers and their criminal conspirators for compromising millions of Yahoo email accounts. The United States Government will not tolerate this type of activity by another government or its proxies and will continue to hold all responsible parties accountable.
Today’s designations and indictments were issued in furtherance of previous international actions targeting Evil Corp in an effort to further disrupt and degrade the group’s ability to operate. In October 2015, the Department of Justice indicted Andrey Ghinkul for spreading the Dridex malware. At that same time, the Federal Bureau of Investigation and the NCA disrupted the global infrastructure utilized at the time by Evil Corp. Over the past several years, the NCA and the United Kingdom’s Metropolitan Police Service have arrested multiple individuals who enabled the activities of Evil Corp, including laundering stolen proceeds acquired through the Dridex malware.
As a result of today’s designations, all property and interests in property of these persons subject to U.S. jurisdiction are blocked, and U.S. persons are generally prohibited from engaging in transactions with them. Additionally, any entities 50 percent or more owned by one or more designated persons are also blocked. Foreign persons may be subject to secondary sanctions for knowingly facilitating a significant transaction or transactions with these designated persons.
Designation Targets
Today’s action targets 17 individuals and seven entities to include Evil Corp, its core cyber operators, multiple businesses associated with a group member, and financial facilitators utilized by the group. OFAC designated these persons pursuant to Executive Order (E.O.) 13694, as amended, which targets malicious cyber-enabled actors around the world, and as codified by the Countering America’s Adversaries Through Sanctions Act.
[. DRIDEX infection chain photo .]
Evil Corp is the Russia-based cybercriminal organization responsible for the development and distribution of the Dridex malware. The Dridex malware is a multifunctional malware package that is designed to automate the theft of confidential information, to include online banking credentials from infected computers. Dridex is traditionally spread through massive phishing email campaigns that seek to entice victims to click on malicious links or attachments embedded within the emails. Once a system is infected, Evil Corp uses compromised credentials to fraudulently transfer funds from victims’ bank accounts to those of accounts controlled by the group. As of 2016, Evil Corp had harvested banking credentials from customers at approximately 300 banks and financial institutions in over 40 countries, making the group one of the main financial threats faced by businesses. In particular, Evil Corp heavily targets financial services sector organizations located in the United States and the United Kingdom. Through their use of the Dridex malware, Evil Corp has illicitly earned at least $100 million, though it is likely that the total of their illicit proceeds is significantly higher. As a result of this activity, Evil Corp is being designated pursuant to E.O. 13694, as amended, for engaging in cyber-enabled activities that have the effect of causing a significant misappropriation of funds or economic resources for private financial gain.
Evil Corp operates as a business run by a group of individuals based in Moscow, Russia, who have years of experience and well-developed, trusted relationships with each other. Maksim Yakubets (Yakubets) serves as Evil Corp’s leader and is responsible for managing and supervising the group’s malicious cyber activities. For example, as of 2017, Yakubets supervised Evil Corp actors who were attempting to target U.S. companies. As of 2015, Yakubets maintained control of the Dridex malware and was in direct communication with Andrey Ghinkul prior to the unsealing of his indictment. As a result, Yakubets is being designated pursuant to E.O. 13694, as amended, for having acted for or on behalf of and for providing material assistance to Evil Corp. Prior to serving in this leadership role for Evil Corp, Yakubets was also directly associated with Evgeniy Bogachev, a previously designated Russian cybercriminal responsible for the distribution of the Zeus, Jabber Zeus, and GameOver Zeus malware schemes. In particular, Yakubets was responsible for recruiting and managing a network of individuals responsible for facilitating the movement of money illicitly gained through the efforts spearheaded by Evgeniy Bogachev. Yakubets is the subject of an indictment and criminal complaint unsealed today by the Department of Justice, while the Department of State announced a $5 million reward for information leading to the capture of Yakubets.
In addition to his leadership role within Evil Corp, Yakubets has also provided direct assistance to the Russian government. As of 2017, Yakubets was working for the Russian FSB, one of Russia’s leading intelligence organizations that was previously sanctioned pursuant to E.O. 13694, as amended, on December 28, 2016. As of April 2018, Yakubets was in the process of obtaining a license to work with Russian classified information from the FSB. As a result, Yakubets is also being designated pursuant to E.O. 13694, as amended, for providing material assistance to the FSB. Additionally, as of 2017, Yakubets was tasked to work on projects for the Russian state, to include acquiring confidential documents through cyber-enabled means and conducting cyber-enabled operations on its behalf.
Another key Evil Corp figure targeted today is Igor Turashev (Turashev). As of 2017, Turashev was involved in helping Evil Corp exploit victims’ networks. As of 2015, Turashev served as an administrator for Yakubets and had control over the Dridex malware. As a result, Turashev is being designated pursuant to E.O. 13694, as amended, for having acted for or on behalf of and for providing material assistance to Evil Corp. Turashev is also the subject of an indictment unsealed today by the Department of Justice.
Denis Gusev (Gusev), a senior member of Evil Corp, is also being designated today for his active role in furthering Evil Corp’s activities. As of 2017, Gusev was involved in helping Evil Corp move to a new office location and as of 2018, Gusev served as a financial facilitator for Evil Corp and its members. As a result, Gusev is being designated pursuant to E.O. 13694, as amended, for having acted for or on behalf of and for providing material assistance to Evil Corp.
Gusev also serves as the General Director for six Russia-based businesses. These entities include Biznes-Stolitsa, OOO, Optima, OOO, Treid-Invest, OOO, TSAO, OOO, Vertikal, OOO, and Yunikom, OOO. As a result, these entities are being designated pursuant to E.O. 13694, as amended, for being owned or controlled by Gusev.
In addition to Yakubets, Turashev, and Gusev, Evil Corp relies upon a cadre of core individuals to carry out critical logistical, technical, and financial functions such as managing the Dridex malware, supervising the operators seeking to target new victims, and laundering the proceeds derived from the group’s activities. These additional core members of the group include Dmitriy Smirnov, Artem Yakubets, Ivan Tuchkov, Andrey Plotnitskiy, Dmitriy Slobodskoy, and Kirill Slobodskoy. As a result, these six individuals are being designated pursuant to E.O. 13694, as amended, for having acted for or on behalf of and for providing material assistance to Evil Corp.
To transfer the proceeds gained through their use of the Dridex malware, Evil Corp relies upon a network of money mules who are involved in transferring stolen funds obtained from victims’ bank accounts to accounts controlled by members of Evil Corp. Previously, the NCA arrested multiple individuals in the United Kingdom suspected of laundering the criminal profits of cybercrime schemes, including those perpetrated by Evil Corp, through hundreds of accounts at various banks in the United Kingdom. Today, OFAC is designating eight Moscow-based individuals who have served as financial facilitators for Evil Corp. These individuals include Aleksei Bashlikov, Ruslan Zamulko, David Guberman, Carlos Alvares, Georgios Manidis, Tatiana Shevchuk, Azamat Safarov, and Gulsara Burkhonova. As a result, these eight individuals are being designated pursuant to E.O. 13694, as amended, for providing financial and material assistance to Evil Corp. ©
Reward of up to $5 Million Offered for Information Leading to Arrest or Conviction
The United States of America, through its Departments of Justice and State, and the United Kingdom, through its National Crime Agency (NCA), today announced the unsealing of criminal charges in Pittsburgh, Pennsylvania, and Lincoln, Nebraska, against Maksim V. Yakubets, aka online moniker, “aqua,” 32, of Moscow, Russia, related to two separate international computer hacking and bank fraud schemes spanning from May 2009 to the present. A second individual, Igor Turashev, 38, from Yoshkar-Ola, Russia, was also indicted in Pittsburgh for his role related to the “Bugat” malware conspiracy. The State Department, in partnership with the FBI, announced today a reward of up to $5 million under the Transnational Organized Crime Rewards Program for information leading to the arrest and/or conviction of Yakubets. This represents the largest such reward offer for a cyber criminal to date.
Assistant Attorney General Brian A. Benczkowski of the Justice Department’s Criminal Division, U.S. Attorney Scott W. Brady for the Western District of Pennsylvania, U.S. Attorney Joseph P. Kelly for the District of Nebraska, FBI Deputy Director David Bowdich, Principal Deputy Assistant Secretary James A. Walsh of the State Department’s Bureau of International Narcotics and Law Enforcement Affairs (INL), and Director Rob Jones of the Cyber Crime Unit at the United Kingdom’s National Crime Agency (NCA) made the announcement.
“Maksim Yakubets allegedly has engaged in a decade-long cybercrime spree that deployed two of the most damaging pieces of financial malware ever used and resulted in tens of millions of dollars of losses to victims worldwide,” said Assistant Attorney General Benczkowski. “These two cases demonstrate our commitment to unmasking the perpetrators behind the world’s most egregious cyberattacks. The assistance of our international partners, in particular the National Crime Agency of the United Kingdom, was crucial to our efforts to identify Yakubets and his co-conspirators.”
“For over a decade, Maksim Yakubets and Igor Turashev led one of the most sophisticated transnational cybercrime syndicates in the world,” said U.S. Attorney Brady. “Deploying ‘Bugat’ malware, also known as ‘Cridex’ and ‘Dridex,’ these cybercriminals targeted individuals and companies in western Pennsylvania and across the globe in one of the most widespread malware campaigns we have ever encountered. International cybercriminals who target Pennsylvania citizens and companies are no different than any other criminal: they will be investigated, prosecuted and held accountable for their actions.”
“The Zeus scheme was one of the most outrageous cybercrimes in history,” said U.S. Attorney Kelly. “Our identification of Yakubets as the actor who used the moniker ‘aqua’ in that scheme, as alleged in the complaint unsealed today, is a prime example of how we will pursue cyber criminals to the ends of justice no matter how long it takes, by tracking their activity both online and off and working with our international partners to expose their crimes.”
“Today’s announcement involved a long running investigation of a sophisticated organized cybercrime syndicate,” said FBI Deputy Director Bowdich. “The charges highlight the persistence of the FBI and our partners to vigorously pursue those who desire to profit from innocent people through deception and theft. By calling out those who threaten American businesses and citizens, we expose criminals who hide behind devices and launch attacks that threaten our public safety and economic stability. The actions highlighted today, which represent a continuing trend of cyber-criminal activity emanating from Russian actors, were particularly damaging as they targeted U.S. entities across all sectors and walks of life. The FBI, with the assistance of private industry and our international and U.S. government partners, is sending a strong message that we will work together to investigate and hold all criminals accountable. Our memory is long and we will hold them accountable under the law, no matter where they attempt to hide.”
“Combatting cybercrime remains a top national security priority for to the United States,” said INL Principal Deputy Assistant Secretary of State Walsh. “The announcements today represent a coordinated interagency effort to bring Maksim Yakubets to justice and to address cybercrime globally.”
“This is a landmark for the NCA, FBI and U.S. authorities and a day of reckoning for those who commit cybercrime,” said NCA Director Jones. “Following years of online pursuit, I am pleased to see the real world identity of Yakubets and his associate Turashev revealed. Yakubets and his associates have allegedly been responsible for losses and attempted losses totalling hundreds of millions of dollars. This is not a victimless crime, those losses were once people’s life savings, now emptied from their bank accounts. Today the process of bringing Yakubets and his criminal associates to justice begins. This is not the end of our investigation, and we will continue to work closely with international partners to present a united front against criminality that threatens our prosperity and security.”
Yakubets and Turashev Indicted in Relation to “Bugat” Malware
A federal grand jury in Pittsburgh returned a 10-count indictment, which was unsealed today, against Yakubets and Turashev, charging them with conspiracy, computer hacking, wire fraud, and bank fraud, in connection with the distribution of “Bugat,” a multifunction malware package designed to automate the theft of confidential personal and financial information, such as online banking credentials, from infected computers. Later versions of the malware were designed with the added function of assisting in the installation of ransomware.
According to the indictment, Bugat is a malware specifically crafted to defeat antivirus and other protective measures employed by victims. As the individuals behind Bugat improved the malware and added functionality, the name of the malware changed, at one point being called “Cridex,” and later “Dridex,” according to the indictment. Bugat malware was allegedly designed to automate the theft of confidential personal and financial information, such as online banking credentials, and facilitated the theft of confidential personal and financial information by a number of methods. For example, the indictment alleges that the Bugat malware allowed computer intruders to hijack a computer session and present a fake online banking webpage to trick a user into entering personal and financial information.
The indictment further alleges that Yakubets and Turashev used captured banking credentials to cause banks to make unauthorized electronic funds transfers from the victims’ bank accounts, without the knowledge or consent of the account holders. They then allegedly used persons, known as “money mules,” to receive stolen funds into their bank accounts, and then move the money to other accounts or withdraw the funds and transport the funds overseas as smuggled bulk cash. According to the indictment, they also used a powerful online tool known as a botnet in furtherance of the scheme.
Yakubets was the leader of the group of conspirators involved with the Bugat malware and botnet, according to the indictment. As the leader, he oversaw and managed the development, maintenance, distribution, and infection of Bugat as well as the financial theft and the use of money mules. Turashev allegedly handled a variety of functions for the Bugat conspiracy, including system administration, management of the internal control panel, and oversight of botnet operations.
According to the indictment, Yakubets and Turashev victimized multiple entities, including two banks, a school district, and four companies including a petroleum business, building materials supply company, vacuum and thin film deposition technology company and metal manufacturer in the Western District of Pennsylvania and a firearm manufacturer. The indictment alleges that these attacks resulted in the theft of millions of dollars, and occurred as recently as March 19, 2019.
Yakubets Charged in Relation to “Zeus” Malware
A criminal complaint was also unsealed in Lincoln today charging Yakubets with conspiracy to commit bank fraud in connection with the “Zeus” malware. Beginning in May 2009, Yakubets and multiple co-conspirators are alleged to have a long-running conspiracy to employ widespread computer intrusions, malicious software, and fraud to steal millions of dollars from numerous bank accounts in the United States and elsewhere. Yakubets and his co-conspirators allegedly infected thousands of business computers with malicious software that captured passwords, account numbers, and other information necessary to log into online banking accounts, and then used the captured information to steal money from victims’ bank accounts. As with Bugat, the actors involved with the Zeus scheme were alleged to have employed the use of money mules and a botnet.
Yakubets and his co-conspirators are alleged to have victimized 21 specific municipalities, banks, companies, and non-profit organizations in California, Illinois, Iowa, Kentucky, Maine, Massachusetts, New Mexico, North Carolina, Ohio, Texas, and Washington, identified in the complaint, including multiple entities in Nebraska and a religious congregation. According to the complaint, the deployment of the Zeus malware resulted overall in the attempted theft of an estimated $220 million USD, with actual losses of an estimated $70 million USD from victims’ bank accounts. According to the complaint, Yakubets’ role in the Zeus scheme was to provide money mules and their associated banking credentials in order to facilitate the movement of money, which was withdrawn from victim accounts by fraudulent means.
An individual charged as John Doe #2, also known as “aqua,” was indicted in District of Nebraska in case number 4:11-CR-3074. The indictment in that case charges that individual and others with conspiracy to participate in racketeering activity, conspiracy to commit computer fraud and identity theft, aggravated identity theft, and multiple counts of bank fraud related to the Zeus scheme. As alleged, the complaint unsealed today associates use of the moniker “aqua” in the Zeus scheme to Yakubets.
In case number 4:11-CR-3074, two of the co-conspirators of “aqua,” Ukrainian nationals Yuriy Konovaleko and Yevhen Kulibaba, were extradited from the United Kingdom to the United States. Konovalenko and Kulibaba both pleaded guilty in 2015 to conspiracy to participate in racketeering activity and have completed prison sentences that were imposed. Konovalenko and Kulibaba were previously convicted in the United Kingdom, after an investigation conducted by the Metropolitan Police Service, for their role in laundering £3 million GBP on behalf of the group responsible for the Zeus malware.
State Department $5 million USD Reward
The U.S. Department of State’s Transnational Organized Crime (TOC) Rewards Program is offering a reward of up to $5 million for information on Yakubets. Cyber threats are a top national security threat to the United States, and the Department of State’s TOC Rewards Program is one of the many tools used by U.S. authorities to bring significant cybercriminals to justice. Congress established the TOC Rewards Program in 2013 to support law enforcement efforts to dismantle transnational criminal organizations and bring their leaders and members to justice. The U.S. Department of State’s Bureau of International Narcotics and Law Enforcement Affairs manages the program in coordination with other U.S. federal agencies.
In addition to NCA, the law enforcement actions taken related to these two prosecutions were assisted by the efforts of law enforcement counterparts from The Netherlands, Germany, Belarus, Ukraine, and the Russian Federation.
The FBI’s Pittsburgh and Omaha Field Offices led the investigations of Yakubets and Turashev with assistance by the FBI’s Major Cyber Crimes Unit and Global Operations and Targeting Unit. The prosecution in Pittsburgh is being handled by Assistant U.S. Attorney Shardul S. Desai of the Western District of Pennsylvania, and the prosecution in Lincoln is being handled by Senior Counsel William A. Hall, Jr., of the Criminal Division’s Computer Crime and Intellectual Property Section (CCIPS) and Assistant U.S. Attorney Steven A. Russell of the District of Nebraska. The Criminal Division’s Office of International Affairs provided significant assistance throughout the criminal investigations. The Department’s National Security Division also provided investigative assistance.
The details contained in the indictment, criminal complaint and related pleadings are merely accusations, and the defendants are presumed innocent unless and until proven guilty beyond a reasonable doubt in a court of law. ©
Cyber-related Designations; Counter Terrorism Designation Removal
12/5/2019
OFFICE OF FOREIGN ASSETS CONTROL
Specially Designated Nationals List Update
The following individuals have been added to OFAC's SDN List:
ALVARES, Carlos, Moscow, Russia; DOB 18 May 1971; POB Spain; Gender Male; National ID No. AV176942 (Spain) (individual) [CYBER2] (Linked To: EVIL CORP).
BASHLIKOV, Aleksei, Moscow, Russia; DOB 18 Mar 1988; POB Russia; Gender Male; Passport 4509592875 (Russia) (individual) [CYBER2] (Linked To: EVIL CORP).
BURKHONOVA, Gulsara, Moscow, Russia; DOB 06 Apr 1977; POB Russia; alt. POB Tajikistan; Gender Female; Passport 9707561379 (Russia) (individual) [CYBER2] (Linked To: EVIL CORP).
GUBERMAN, David, Moscow, Russia; DOB 01 Mar 1971; POB Ukraine; Gender Male; National ID No. 7201105 (Israel) (individual) [CYBER2] (Linked To: EVIL CORP).
GUSEV, Denis Igorevich (Cyrillic: ГУСЕВ, ДЕНИС ИГОРЕВИЧ) (a.k.a. GOTMAN, David; a.k.a. POMOJAC, Marin), Moscow, Russia; DOB 10 Jun 1986; alt. DOB 08 Jul 1977; alt. DOB 07 Oct 1987; POB Moscow, Russia; alt. POB Ceadir-Lunga, Moldova; citizen Russia; Gender Male; Passport 717386212 (Russia); alt. Passport A1167292 (Moldova); alt. Passport 1213007 (Israel) (individual) [CYBER2] (Linked To: EVIL CORP).
MANIDIS, Georgios, Moscow, Russia; DOB 23 Aug 1971; Gender Male; National ID No. AV2752462 (Greece) (individual) [CYBER2] (Linked To: EVIL CORP).
PLOTNITSKIY, Andrey (a.k.a. KOVALSKIY, Andrey Vechislavovich; a.k.a. STREL, Andrey), Moscow, Russia; DOB 25 Jul 1989; Gender Male (individual) [CYBER2] (Linked To: EVIL CORP).
SAFAROV, Azamat, Moscow, Russia; DOB 26 Mar 1990; POB Uzbekistan; Gender Male; National ID No. CE2236830 (Uzbekistan) (individual) [CYBER2] (Linked To: EVIL CORP).
SHEVCHUK, Tatiana, Moscow, Russia; DOB 08 Jan 1970; Gender Female; National ID No. BB299742 (Ukraine) (individual) [CYBER2] (Linked To: EVIL CORP).
SLOBODSKOY, Dmitriy Alekseyevich, Russia; DOB 28 Jul 1988; Gender Male; Passport 721007353 (Russia) (individual) [CYBER2] (Linked To: EVIL CORP).
SLOBODSKOY, Kirill Alekseyevich, Moscow, Russia; DOB 26 Feb 1987; POB Moscow, Russia; nationality Russia; Gender Male; Passport 721025114 (Russia); National ID No. 4508818947 (Russia) (individual) [CYBER2] (Linked To: EVIL CORP).
SMIRNOV, Dmitriy Konstantinovich, Moscow, Russia; DOB 10 Nov 1987; citizen Russia; Gender Male (individual) [CYBER2] (Linked To: EVIL CORP).
TUCHKOV, Ivan Dmitriyevich, Russia; DOB 27 Nov 1986; POB Moscow, Russia; Gender Male; Passport 45092006504 (Russia); alt. Passport 753931329 (Russia); VisaNumberID 525867504 (France) (individual) [CYBER2] (Linked To: EVIL CORP).
TURASHEV, Igor Olegovich (a.k.a. "ENKI"; a.k.a. "NINTUTU"), Russia; DOB 15 Jun 1981; Gender Male (individual) [CYBER2] (Linked To: EVIL CORP).
YAKUBETS, Artem Viktorovich, Moscow, Russia; DOB 17 Jan 1986; POB Polonnoye, Khmelnitskaya Oblast, Ukraine; citizen Russia; Gender Male (individual) [CYBER2] (Linked To: EVIL CORP).
YAKUBETS, Maksim Viktorovich (a.k.a. "AQUA"), Moscow, Russia; DOB 20 May 1987; POB Polonnoye, Khmelnitskaya Oblast, Ukraine; citizen Russia; Gender Male; Passport 4509135586 (Russia) (individual) [CYBER2] (Linked To: EVIL CORP; Linked To: FEDERAL SECURITY SERVICE).
ZAMULKO, Ruslan, Moscow, Russia; DOB 25 Jun 1970; POB Ukraine; Gender Male; National ID No. HB698865 (Ukraine) (individual) [CYBER2] (Linked To: EVIL CORP).
The following entities have been added to OFAC's SDN List:
BIZNES-STOLITSA, OOO (Cyrillic: ООО БИЗНЕС-СТОЛИЦА) (a.k.a. OBSHCHESTVO S OGRANICHENNOI OTVETSTVENNOSTYU BIZNES-STOLITSA), d. 14 korp. 1 pom. Khll/kom. 1, ul., Sokolovo-Meshcherskaya Moscow, Moscow 125466, Russia; D-U-N-S Number 50-722-4994; Tax ID No. 7733904024 (Russia); Government Gazette Number 40335667 (Russia); Registration Number 5147746417682 (Russia) [CYBER2] (Linked To: GUSEV, Denis Igorevich).
EVIL CORP (a.k.a. DRIDEX GANG), Moscow, Russia; Moldova [CYBER2].
OPTIMA, OOO (Cyrillic: ООО ОПТИМА) (a.k.a. OBSHCHESTVO S OGRANICHENNOI OTVETSTVENNOSTYU OPTIMA), d. 2 korp. 2 pom. 1, ul., Kominterna Moscow, Moscow 129344, Russia; D-U-N-S Number 50-579-8144; Tax ID No. 7716740680 (Russia); Government Gazette Number 17325717 (Russia); Registration Number 1137746232260 (Russia) [CYBER2] (Linked To: GUSEV, Denis Igorevich).
TREID-INVEST, OOO (Cyrillic: ООО ТРЕЙД-ИНВЕСТ) (a.k.a. OBSHCHESTVO S OGRANICHENNOI OTVETSTVENNOSTYU TREID-INVEST), 11/2, ul., Sadovaya-Chernogryazskaya Moscow, Moscow 105064, Russia; D-U-N-S Number 50-722-5114; Tax ID No. 7701416320 (Russia); Government Gazette Number 40214946 (Russia); Registration Number 5147746418782 (Russia) [CYBER2] (Linked To: GUSEV, Denis Igorevich).
TSAO, OOO (Cyrillic: ООО ЦАО) (a.k.a. OBSHCHESTVO S OGRANICHENNOI OTVETSTVENNOSTYU TSENTR AVTOOBSLUZHIVANIYA), 9, per., Omski Kurgan, Kurganskaya Oblast 640000, Russia; D-U-N-S Number 68-215-4722; Tax ID No. 4501122896 (Russia); Government Gazette Number 78739479 (Russia); Registration Number 1064501172394 (Russia) [CYBER2] (Linked To: GUSEV, Denis Igorevich).
VERTIKAL, OOO (Cyrillic: ООО ВЕРТИКАЛЬ) (a.k.a. OBSHCHESTVO S OGRANICHENNOI OTVETSTVENNOSTYU VERTIKAL), d. 102/1, ul. Beregovaya Kogalym, Khanty-Mansiski, Avtonomny Okrug - Yugra Okr. 628482, Russia; D-U-N-S Number 50-630-4726; Tax ID No. 8608056026 (Russia); Government Gazette Number 26149774 (Russia); Registration Number 1138608000189 (Russia) [CYBER2] (Linked To: GUSEV, Denis Igorevich).
YUNIKOM, OOO (Cyrillic: ООО ЮНИКОМ) (a.k.a. OBSHCHESTVO S OGRANICHENNOI OTVETSTVENNOSTYU YUNIKOM), d. 18, ul. Tsentralnaya Kogalym, Khanty-Mansiski, Avtonomny Okrug - Yugra Okr. 628483, Russia; D-U-N-S Number 68-321-9795; Tax ID No. 8608052180 (Russia); Government Gazette Number 97396163 (Russia); Registration Number 1068608008204 (Russia) [CYBER2] (Linked To: GUSEV, Denis Igorevich). ©