US, UK, and Australia Impose New Sanctions on Russian Cybercriminal Group Evil Corp

The United States, the United Kingdom, and Australia have imposed new sanctions on members of the Russian cybercriminal group Evil Corp, known for its attacks using the Dridex malware, which has caused significant damage in over 40 countries. The sanctions targeted seven individuals and two entities linked to the group.

According to The US Treasury Department and the British government, Evil Corp, founded by Maksim Yakubets, is considered one of the largest cybercriminal organizations specializing in theft through cyberattacks. According to the US Treasury, Dridex was used to infect computer systems and steal login credentials for banking and financial platforms. The total damage from Evil Corp’s operations is estimated to exceed $100 million. Yakubets operated under the cover of the National Engineering Corporation, which has ties to Igor Chaika, the son of a Russian Security Council member.

Key figures such as former FSB officer Eduard Bendersky and Yakubets' associate Alexander Ryzhenkov were included in the new sanctions. Ryzhenkov is also under investigation by the U.S. Department of Justice for using the BitPaymer ransomware to attack American companies. Bendersky, with his connections to Russian authorities, helped the group maintain contacts with government structures.

The British government also sanctioned 16 individuals linked to Evil Corp, including Yakubets, Bendersky, and Ryzhenkov, in coordination with the U.S. and Australia. This demonstrates enhanced international cooperation in the fight against cybercrime.

Australia supported the sanctions as well, emphasizing the need for a global response to cyber threats. Officials noted that cybercriminals like Evil Corp pose risks not only to financial institutions but also to critical infrastructure, requiring coordinated efforts to neutralize them.

Evil Corp had previously been sanctioned in 2019 for numerous cybercrimes, including hacking and banking fraud. Yakubets and his associates were accused of stealing data that allowed them to access victims' bank accounts and commit large-scale thefts. Despite these earlier sanctions, the group’s activities continued, leading to renewed international action.