{
	"id": "07f760e9-46c9-4611-beb5-258d0e5455a9",
	"created_at": "2026-04-06T15:53:09.008451Z",
	"updated_at": "2026-04-10T13:11:18.911204Z",
	"deleted_at": null,
	"sha1_hash": "5b8bc8ae30279550c3926098853b7d024f9193e1",
	"title": "Russian National Charged with Decade-Long Series of Hacking and Bank Fraud Offenses Resulting in Tens of Millions in Losses and Second Russian National Charged with Involvement in Deployment of “Bugat” Malware",
	"llm_title": "",
	"authors": "",
	"file_creation_date": "0001-01-01T00:00:00Z",
	"file_modification_date": "0001-01-01T00:00:00Z",
	"file_size": 59178,
	"plain_text": "Russian National Charged with Decade-Long Series of Hacking\r\nand Bank Fraud Offenses Resulting in Tens of Millions in Losses\r\nand Second Russian National Charged with Involvement in\r\nDeployment of “Bugat” Malware\r\nPublished: 2019-12-05 · Archived: 2026-04-06 15:44:28 UTC\r\nThe United States of America, through its Departments of Justice and State, and the United Kingdom, through its\r\nNational Crime Agency (NCA), today announced the unsealing of criminal charges in Pittsburgh, Pennsylvania,\r\nand Lincoln, Nebraska, against Maksim V. Yakubets, aka online moniker, “aqua,” 32, of Moscow, Russia, related\r\nto two separate international computer hacking and bank fraud schemes spanning from May 2009 to the present.\r\n A second individual, Igor Turashev, 38, from Yoshkar-Ola, Russia, was also indicted in Pittsburgh for his role\r\nrelated to the “Bugat” malware conspiracy. The State Department, in partnership with the FBI, announced today a\r\nreward of up to $5 million under the Transnational Organized Crime Rewards Program for information leading to\r\nthe arrest and/or conviction of Yakubets.  This represents the largest such reward offer for a cyber criminal to date.\r\nAssistant Attorney General Brian A. Benczkowski of the Justice Department’s Criminal Division, U.S. Attorney\r\nScott W. Brady for the Western District of Pennsylvania, U.S. Attorney Joseph P. Kelly for the District of\r\nNebraska, FBI Deputy Director David Bowdich, Principal Deputy Assistant Secretary James A. Walsh of the State\r\nDepartment’s Bureau of International Narcotics and Law Enforcement Affairs (INL), and Director Rob Jones of\r\nthe Cyber Crime Unit  at the United Kingdom’s National Crime Agency (NCA) made the announcement.\r\n“Maksim Yakubets allegedly has engaged in a decade-long cybercrime spree that deployed two of the most\r\ndamaging pieces of financial malware ever used and resulted in tens of millions of dollars of losses to victims\r\nworldwide,” said Assistant Attorney General Benczkowski.  “These two cases demonstrate our commitment to\r\nunmasking the perpetrators behind the world’s most egregious cyberattacks.  The assistance of our international\r\npartners, in particular the National Crime Agency of the United Kingdom, was crucial to our efforts to identify\r\nYakubets and his co-conspirators.”\r\n“For over a decade, Maksim Yakubets and Igor Turashev led one of the most sophisticated transnational\r\ncybercrime syndicates in the world,” said U.S. Attorney Brady. “Deploying ‘Bugat’ malware, also known as\r\n‘Cridex’ and ‘Dridex,’ these cybercriminals targeted individuals and companies in western Pennsylvania and\r\nacross the globe in one of the most widespread malware campaigns we have ever encountered.  International\r\ncybercriminals who target Pennsylvania citizens and companies are no different than any other criminal: they will\r\nbe investigated, prosecuted and held accountable for their actions.” \r\n“The Zeus scheme was one of the most outrageous cybercrimes in history,” said U.S. Attorney Kelly.  “Our\r\nidentification of Yakubets as the actor who used the moniker ‘aqua’ in that scheme, as alleged in the complaint\r\nunsealed today, is a prime example of how we will pursue cyber criminals to the ends of justice no matter how\r\nlong it takes, by tracking their activity both online and off and working with our international partners to expose\r\ntheir crimes.”\r\nhttps://www.justice.gov/opa/pr/russian-national-charged-decade-long-series-hacking-and-bank-fraud-offenses-resulting-tens\r\nPage 1 of 4\n\n“Today’s announcement involved a long running investigation of a sophisticated organized cybercrime syndicate,”\r\nsaid FBI Deputy Director Bowdich. “The charges highlight the persistence of the FBI and our partners to\r\nvigorously pursue those who desire to profit from innocent people through deception and theft. By calling out\r\nthose who threaten American businesses and citizens, we expose criminals who hide behind devices and launch\r\nattacks that threaten our public safety and economic stability. The actions highlighted today, which represent a\r\ncontinuing trend of cyber-criminal activity emanating from Russian actors, were particularly damaging as they\r\ntargeted U.S. entities across all sectors and walks of life. The FBI, with the assistance of private industry and our\r\ninternational and U.S. government partners, is sending a strong message that we will work together to investigate\r\nand hold all criminals accountable. Our memory is long and we will hold them accountable under the law, no\r\nmatter where they attempt to hide.”\r\n“Combatting cybercrime remains a top national security priority for to the United States,” said INL Principal\r\nDeputy Assistant Secretary of State Walsh. “The announcements today represent a coordinated interagency effort\r\nto bring Maksim Yakubets to justice and to address cybercrime globally.”\r\n“This is a landmark for the NCA, FBI and U.S. authorities and a day of reckoning for those who commit\r\ncybercrime,” said NCA Director Jones. “Following years of online pursuit, I am pleased to see the real world\r\nidentity of Yakubets and his associate Turashev revealed.  Yakubets and his associates have allegedly been\r\nresponsible for losses and attempted losses totaling hundreds of millions of dollars. This is not a victimless crime,\r\nthose losses were once people’s life savings, now emptied from their bank accounts.  Today the process of\r\nbringing Yakubets and his criminal associates to justice begins.  This is not the end of our investigation, and we\r\nwill continue to work closely with international partners to present a united front against criminality that threatens\r\nour prosperity and security.”\r\nYakubets and Turashev Indicted in Relation to “Bugat” Malware\r\nA federal grand jury in Pittsburgh returned a 10-count indictment, which was unsealed today, against Yakubets and\r\nTurashev, charging them with conspiracy, computer hacking, wire fraud, and bank fraud, in connection with the\r\ndistribution of “Bugat,” a multifunction malware package designed to automate the theft of confidential personal\r\nand financial information, such as online banking credentials, from infected computers.  Later versions of the\r\nmalware were designed with the added function of assisting in the installation of ransomware. \r\nAccording to the indictment, Bugat is a malware specifically crafted to defeat antivirus and other protective\r\nmeasures employed by victims.  As the individuals behind Bugat improved the malware and added functionality,\r\nthe name of the malware changed, at one point being called “Cridex,” and later “Dridex,” according to the\r\nindictment.  Bugat malware was allegedly designed to automate the theft of confidential personal and financial\r\ninformation, such as online banking credentials, and facilitated the theft of confidential personal and financial\r\ninformation by a number of methods.  For example, the indictment alleges that the Bugat malware allowed\r\ncomputer intruders to hijack a computer session and present a fake online banking webpage to trick a user into\r\nentering personal and financial information.   \r\nThe indictment further alleges that Yakubets and Turashev used captured banking credentials to cause banks to\r\nmake unauthorized electronic funds transfers from the victims’ bank accounts, without the knowledge or consent\r\nof the account holders.  They then allegedly used persons, known as “money mules,” to receive stolen funds into\r\nhttps://www.justice.gov/opa/pr/russian-national-charged-decade-long-series-hacking-and-bank-fraud-offenses-resulting-tens\r\nPage 2 of 4\n\ntheir bank accounts, and then move the money to other accounts or withdraw the funds and transport the funds\r\noverseas as smuggled bulk cash.  According to the indictment, they also used a powerful online tool known as a\r\nbotnet in furtherance of the scheme.\r\nYakubets was the leader of the group of conspirators involved with the Bugat malware and botnet, according to\r\nthe indictment.  As the leader, he oversaw and managed the development, maintenance, distribution, and infection\r\nof Bugat as well as the financial theft and the use of money mules.  Turashev allegedly handled a variety of\r\nfunctions for the Bugat conspiracy, including system administration, management of the internal control panel,\r\nand oversight of botnet operations.\r\nAccording to the indictment, Yakubets and Turashev victimized multiple entities, including two banks, a school\r\ndistrict, and four companies including a petroleum business, building materials supply company, vacuum and thin\r\nfilm deposition technology company and metal manufacturer in the Western District of Pennsylvania and a firearm\r\nmanufacturer.  The indictment alleges that these attacks resulted in the theft of millions of dollars, and occurred as\r\nrecently as March 19, 2019.\r\nYakubets Charged in Relation to “Zeus” Malware\r\nA criminal complaint was also unsealed in Lincoln today charging Yakubets with conspiracy to commit bank fraud\r\nin connection with the “Zeus” malware.  Beginning in May 2009, Yakubets and multiple co-conspirators are\r\nalleged to have a long-running conspiracy to employ widespread computer intrusions, malicious software, and\r\nfraud to steal millions of dollars from numerous bank accounts in the United States and elsewhere.  Yakubets and\r\nhis co-conspirators allegedly infected thousands of business computers with malicious software that captured\r\npasswords, account numbers, and other information necessary to log into online banking accounts, and then used\r\nthe captured information to steal money from victims’ bank accounts.  As with Bugat, the actors involved with the\r\nZeus scheme were alleged to have employed the use of money mules and a botnet.\r\nYakubets and his co-conspirators are alleged to have victimized 21 specific municipalities, banks, companies, and\r\nnon-profit organizations in California, Illinois, Iowa, Kentucky, Maine, Massachusetts, New Mexico, North\r\nCarolina, Ohio, Texas, and Washington, identified in the complaint, including multiple entities in Nebraska and a\r\nreligious congregation.  According to the complaint, the deployment of the Zeus malware resulted overall in the\r\nattempted theft of an estimated $220 million USD, with actual losses of an estimated $70 million USD from\r\nvictims’ bank accounts.  According to the complaint, Yakubets’ role in the Zeus scheme was to provide money\r\nmules and their associated banking credentials in order to facilitate the movement of money, which was\r\nwithdrawn from victim accounts by fraudulent means. \r\nAn individual charged as John Doe #2, also known as “aqua,” was indicted in District of Nebraska in case number\r\n4:11-CR-3074.  The indictment in that case charges that individual and others with conspiracy to participate in\r\nracketeering activity, conspiracy to commit computer fraud and identity theft, aggravated identity theft, and\r\nmultiple counts of bank fraud related to the Zeus scheme.  As alleged, the complaint unsealed today associates use\r\nof the moniker “aqua” in the Zeus scheme to Yakubets.\r\nIn case number 4:11-CR-3074, two of the co-conspirators of “aqua,” Ukrainian nationals Yuriy Konovaleko and\r\nYevhen Kulibaba, were extradited from the United Kingdom to the United States.  Konovalenko and Kulibaba\r\nboth pleaded guilty in 2015 to conspiracy to participate in racketeering activity and have completed prison\r\nhttps://www.justice.gov/opa/pr/russian-national-charged-decade-long-series-hacking-and-bank-fraud-offenses-resulting-tens\r\nPage 3 of 4\n\nsentences that were imposed.  Konovalenko and Kulibaba were previously convicted in the United Kingdom, after\r\nan investigation conducted by the Metropolitan Police Service, for their role in laundering £3 million GBP on\r\nbehalf of the group responsible for the Zeus malware.\r\nState Department $5 million USD Reward\r\nThe U.S. Department of State’s Transnational Organized Crime (TOC) Rewards Program is offering a reward of\r\nup to $5 million for information on Yakubets.  Cyber threats are a top national security threat to the United States,\r\nand the Department of State’s TOC Rewards Program is one of the many tools used by U.S. authorities to bring\r\nsignificant cybercriminals to justice.  Congress established the TOC Rewards Program in 2013 to support law\r\nenforcement efforts to dismantle transnational criminal organizations and bring their leaders and members to\r\njustice.  The U.S. Department of State’s Bureau of International Narcotics and Law Enforcement Affairs manages\r\nthe program in coordination with other U.S. federal agencies.\r\nIn addition to NCA, the law enforcement actions taken related to these two prosecutions were assisted by the\r\nefforts of law enforcement counterparts from The Netherlands, Germany, Belarus, Ukraine, and the Russian\r\nFederation.\r\nThe FBI’s Pittsburgh and Omaha Field Offices led the investigations of Yakubets and Turashev with assistance by\r\nthe FBI’s Major Cyber Crimes Unit and Global Operations and Targeting Unit.  The prosecution in Pittsburgh is\r\nbeing handled by Assistant U.S. Attorney Shardul S. Desai of the Western District of Pennsylvania, and the\r\nprosecution in Lincoln is being handled by Senior Counsel William A. Hall, Jr., of the Criminal Division’s\r\nComputer Crime and Intellectual Property Section (CCIPS) and Assistant U.S. Attorney Steven A. Russell of the\r\nDistrict of Nebraska.  The Criminal Division’s Office of International Affairs provided significant assistance\r\nthroughout the criminal investigations.  The Department’s National Security Division also provided investigative\r\nassistance.  \r\nThe details contained in the indictment, criminal complaint and related pleadings are merely accusations, and the\r\ndefendants are presumed innocent unless and until proven guilty beyond a reasonable doubt in a court of law.\r\nSource: https://www.justice.gov/opa/pr/russian-national-charged-decade-long-series-hacking-and-bank-fraud-offenses-resulting-tens\r\nhttps://www.justice.gov/opa/pr/russian-national-charged-decade-long-series-hacking-and-bank-fraud-offenses-resulting-tens\r\nPage 4 of 4",
	"extraction_quality": 1,
	"language": "EN",
	"sources": [
		"ETDA"
	],
	"origins": [
		"web"
	],
	"references": [
		"https://www.justice.gov/opa/pr/russian-national-charged-decade-long-series-hacking-and-bank-fraud-offenses-resulting-tens"
	],
	"report_names": [
		"russian-national-charged-decade-long-series-hacking-and-bank-fraud-offenses-resulting-tens"
	],
	"threat_actors": [],
	"ts_created_at": 1775490789,
	"ts_updated_at": 1775826678,
	"ts_creation_date": 0,
	"ts_modification_date": 0,
	"files": {
		"pdf": "https://archive.orkl.eu/5b8bc8ae30279550c3926098853b7d024f9193e1.pdf",
		"text": "https://archive.orkl.eu/5b8bc8ae30279550c3926098853b7d024f9193e1.txt",
		"img": "https://archive.orkl.eu/5b8bc8ae30279550c3926098853b7d024f9193e1.jpg"
	}
}