{
	"id": "7b3af7ad-c62f-4462-974b-5e02b73201f7",
	"created_at": "2026-04-10T03:20:56.846299Z",
	"updated_at": "2026-04-10T03:22:18.796387Z",
	"deleted_at": null,
	"sha1_hash": "5c6e9a0c9b010d13fcec86f016f6992dd9865687",
	"title": "Evil Corp: 'My hunt for the world's most wanted hackers'",
	"llm_title": "",
	"authors": "",
	"file_creation_date": "0001-01-01T00:00:00Z",
	"file_modification_date": "0001-01-01T00:00:00Z",
	"file_size": 3099212,
	"plain_text": "Evil Corp: 'My hunt for the world's most wanted hackers'\r\nBy By Joe Tidy\r\nPublished: 2021-11-17 · Archived: 2026-04-10 03:16:14 UTC\r\n17 November 2021\r\nJoe TidyCyber reporter\r\nBBC\r\nMany of the people on the FBI's cyber most wanted list are Russian. While some allegedly work for the\r\ngovernment earning a normal salary, others are accused of making a fortune from ransomware attacks and\r\nonline theft. If they left Russia they'd be arrested - but at home they appear to be given free rein.\r\n\"We're wasting our time,\" I thought, as I watched a cat licking the carcass of a discarded takeaway chicken.\r\nSurely there would no longer be any trace of an alleged multi-millionaire cyber-criminal on this dilapidated estate\r\nin a run-down town 700km (400 miles) east of Moscow.\r\nBut I pressed on with an interpreter and cameraman, shooing the mangy cat away from the entrance to the block\r\nof flats.\r\nWhen we knocked at one of the doors, a young man answered and a curious elderly woman peered around the\r\ncorner at us from the kitchen.\r\n\"Igor Turashev? No, I don't recognise the name,\" he said.\r\n\"His family is registered here, so who are you?\" we asked.\r\nhttps://www.bbc.com/news/technology-59297187\r\nPage 1 of 9\n\nAfter some friendly chat we explained we were reporters from the BBC, and the mood suddenly changed.\r\n\"I'm not telling you where he is and you shouldn't try to find him. You shouldn't have come here,\" the young man\r\nsaid angrily.\r\nI didn't sleep well that night, thinking of the conflicting advice I'd been given by people in the security sector.\r\nSome said trying to track down wanted cyber-criminals on their home soil was risky. \"They'll have armed guards,\"\r\nI was told. \"You'll end up in a ditch somewhere,\" another warned. Others said it would be fine - \"They're just\r\ncomputer geeks.\"\r\nAll said we wouldn't get anywhere near them.\r\nUS Department of Justice\r\nMaksim Yakubets, Igor Turashev and seven others allegedly from Evil Corp were sanctioned,\r\nindicted or designated in December 2019\r\nIn a press conference two years ago, the FBI named nine members of the Russian hacking group, Evil Corp,\r\naccusing Igor Turashev and the gang's alleged leader, Maksim Yakubets, of stealing or extorting more than $100m\r\nin hacks affecting 40 different countries.\r\nThe victims range from small businesses to multinationals like Garmin, as well as charities and a school. They're\r\njust the ones we know about.\r\nWatch The Russian Hackers Wanted by the West on the iPlayer this weekend, and the BBC News\r\nChannel - click here for timings\r\nViewers outside the UK can watch on BBC World News\r\nThe US Department of Justice says the men are \"cyber-enabled bank robbers\" staging ransomware attacks, or\r\nhacking into accounts to steal money.\r\nhttps://www.bbc.com/news/technology-59297187\r\nPage 2 of 9\n\nThe announcement made Maksim Yakubets, then only 32, a poster boy for the playboy Russian hacker.\r\nFootage of the gang obtained by the UK's National Crime Agency, showed the men driving custom Lamborghinis,\r\nlaughing with wads of cash and playing with a pet lion cub.\r\nNational Crime Agency\r\nMaksim Yakubets drives a custom Lamborghini with the Russian word for \"thief\" on the licence\r\nplate\r\nThe FBI's indictment of the two men was the result of years of work, including interviews with former gang\r\nmembers and the use of cyber-forensics. Some information dated back as far as 2010, when Russian police were\r\nstill prepared to collaborate with their US colleagues.\r\nThose days are long gone now. The Russian government routinely brushes off US hacking accusations against its\r\ncitizens.\r\nIn fact, not only are the hackers allowed to carry on, they are recruited by the security services too.\r\nOur investigation into Maksim Yakubets began in an unlikely place - a golf course about two hours outside\r\nMoscow.\r\nThis was the venue for his spectacular wedding in 2017, a video of which was spotted by Radio Free\r\nEurope/Radio Liberty and widely shared.\r\nTellingly, Yakubets' face is never shown in the footage, filmed by a wedding video production company, but he\r\ncan be seen dancing to live music performed by a famous Russian singer under a beautiful light show.\r\nhttps://www.bbc.com/news/technology-59297187\r\nPage 3 of 9\n\nNational Crime Agency\r\nMaksim Yakubets' wedding may have cost more than half a million dollars\r\nWedding planner Natalia wouldn't go into specifics about Yakubets' big day but showed us around some of the key\r\nlocations, including a pillared building carved out of the hills near a lake.\r\n\"It's our exclusive room,\" she said. \"The newlyweds love to get inside for photo shoots and romance.\"\r\nAs we were driven around by golf cart I did some maths. With what we were being told, this grand wedding\r\nwould have cost considerably more than the estimates I'd heard previously of around $250,000. The price tag was\r\npotentially closer to half a million dollars, or even $600,000.\r\nWe don't know how the special day was paid for, but if Yakubets picked up the bill it's an indication of just how\r\nlavish his lifestyle is.\r\nhttps://www.bbc.com/news/technology-59297187\r\nPage 4 of 9\n\nUS Department of Justice\r\nIgor Turashev is accused of being a system administrator for Evil Corp\r\nNor is Igor Turashev, 40, keeping a low profile.\r\nUsing public records, my colleague Andrey Zakharov, BBC Russia's Cyber Reporter, found three companies\r\nregistered in his name.\r\nAll have offices in Moscow's prestigious Federation Tower, a shiny skyscraper in the financial district that\r\nwouldn't look out of place in Manhattan or London's Canary Wharf.\r\nA puzzled receptionist looked for a phone number, and found that the offices didn't have one. She did find a\r\nmobile phone under the firm's name though, and put us through.\r\nWe called it and waited. A Frank Sinatra song played for about five minutes, then finally someone picked up,\r\nsounding as though he was on a busy street - only to hang up when we said we were journalists.\r\nAs Andrey explained, Turashev is not wanted in Russia so no-one is stopping him renting this expensive city-centre office space.\r\nIt may also be convenient for him to be located among financial companies, including some that deal in the\r\ncryptocurrencies, such as Bitcoin, that Evil Corp is alleged to have collected from victims in ransomware attacks -\r\nreportedly $10m-worth in one case.\r\nA Bloomberg report using research from Bitcoin analysts Chainalysis claims that the Federation Tower houses\r\nnumerous crypto firms that act like \"cash machines for cyber-criminals\".\r\nWe tried two other addresses linked to Turashev and another key Evil Corp figure called Denis Gusev, and made\r\nnumerous approaches by phone and email, but no-one answered.\r\nAndrey and I spent a long time trying to find a place of work for Maksim Yakubets.\r\nhttps://www.bbc.com/news/technology-59297187\r\nPage 5 of 9\n\nHe used to be a director of his mother's cattle feed company, but these days he appears to have no registered\r\nbusiness or employer.\r\nWhat we did find, though, were addresses where he might still live, so one night we went to give them a knock.\r\nAt one, a man laughed over the intercom as we explained where we were from.\r\n\"Maksim Yakubets isn't here. He hasn't been here for probably 15 years. I'm his dad,\" he said.\r\nTo our surprise Yakubets senior then came out into the hallway and gave us an impassioned 20-minute interview\r\non camera, angrily condemning the US authorities for indicting his son.\r\nThe $5m US reward for information leading to his son's arrest - the highest ever bounty for a named cyber-criminal - had led the family to live in fear of attack, Mr Yakubets said, demanding that we publish his words.\r\n\"The Americans created a problem for my family, for many people who know us, for our relatives. What was the\r\npurpose? American justice has turned into Soviet justice. He was not questioned, he was not interrogated, there\r\nwere no procedures that would prove his guilt.\"\r\nHe denied that his son was a cyber-criminal. When I asked how he thought he had become so rich, he laughed,\r\nsaying that I was exaggerating the price tag of the wedding and that the luxury cars were rented. Maksim's salary\r\nwas higher than average, he said, because \"he works, he gets paid, he has a job\".\r\n\"What does he do for work then?\" I asked.\r\n\"Why should I tell you?\" he replied. \"What about our private lives?\"\r\nHe said he hadn't had any contact with his son since the indictment, so could not put us in touch with him.\r\nYakubets and Turashev are part of the growing list of Russian citizens to be issued with cyber-sanctions as the\r\nWest struggles to respond to cyber-attacks.\r\nMore Russian people and organisations have been sanctioned and indicted than those of any other nationality.\r\nIndictments prevent the hackers from travelling abroad, while the sanctions freeze any assets they have in the\r\nWest, and ban them from doing business with Western firms.\r\nLast year the European Union started issuing cyber-sanctions, following in the US's footsteps, and it's mainly\r\nRussians who have been named and shamed on this list too.\r\nThe vast majority of the individuals on these lists are said to have direct links to the Russian state, hacking in\r\norder to spy, project power or exert pressure. While all nations hack each other, the US, EU and allies claim that\r\nsome of the Russian attacks cross a line, in terms of what is acceptable.\r\nSome of the men are accused of causing widespread blackouts in Ukraine by hacking power grids. Others are\r\nwanted for trying to hack into a chemical weapons testing facility in the wake of the Salisbury poisonings.\r\nhttps://www.bbc.com/news/technology-59297187\r\nPage 6 of 9\n\nThe Kremlin denies all accusations, routinely laughing them off as Western hysteria and \"Russophobia\".\r\nAs there are no clear rules for what is acceptable nation state hacking, we deliberately concentrated our\r\ninvestigation on the individuals accused of being criminals, hacking for profit.\r\nNational Crime Agency\r\nAn alleged member of Evil Corp holding wads of cash\r\nSo do cyber-sanctions against \"criminal\" hackers work?\r\nSpeaking to Yakubets' father it seems that they do have some impact - at the very least they made him furious.\r\nHowever Evil Corp appears to have been unaffected.\r\nCyber-security researchers allege the crew are still carrying out lucrative cyber-attacks on mainly Western targets.\r\nhttps://www.bbc.com/news/technology-59297187\r\nPage 7 of 9\n\nThe \"golden rule\" of Russian hacking, according to researchers and former hackers, is that non-state-employed\r\ncriminal hackers can hack who they like, as long as the victims are not in Russian-speaking or former Soviet\r\nterritories.\r\nThe rule appears to work, as cyber-security researchers have for many years noticed fewer attacks in those\r\ncountries. They've also found that some malware is designed to avoid computers with Russian language systems.\r\nLilia Yapparova, an investigative reporter working at Meduza, one of few independent news organisations in the\r\ncountry, says the golden rule is helpful for the intelligence services, which can then exploit the skills hackers have\r\ndeveloped while working for themselves.\r\n\"It's more valuable for the FSB to enlist hackers in Russia than to put them in jail. One of my sources, who is an\r\nex-FSB officer, told me that he personally tried to enlist some of the guys from Evil Corp to do some work for\r\nhim,\" she says.\r\nThe US claims that Maksim Yakubets and other wanted hackers - including Evgeniy Bogachev, who has a $3m\r\nbounty out for his arrest - have worked directly for the intelligence services.\r\nIt may not be a coincidence that Yakubets' father-in-law, seen in the wedding video, is a former high-level member\r\nof the FSB.\r\nWe asked the Russian government to comment on the fact that hackers seem to operate freely in Russia, but\r\nreceived no reply.\r\nWhen Vladimir Putin was asked about this at the Geneva summit with Joe Biden this summer, he denied that\r\nhigh-profile attacks were originating in his country and even claimed that most cyber-attacks began in the US. But\r\nhe said he would work with the US to \"bring order\".\r\nThe rise of Evil Corp\r\n2009: Evil Corp arrives on the scene, allegedly using malware called Cridex, Dridex, Bugat or Zeus to steal\r\nbanking logins and grab money from accounts\r\n2012: Members of Evil Corp are indicted by a court in Nebraska under their online monikers, as their\r\nidentities are unknown (Yakubets allegedly goes under the name \"Aqua\")\r\n2017: The crew is accused of starting a \"ransomware as a service\" (RaaS) operation - it's claimed other\r\nhackers pay to use their ransomware, called BitPaymer\r\n2019: Yakubets, Turashev and seven others are indicted, sanctioned or designated in the US - a $5m bounty\r\nis offered for information leading to Yakubets' arrest\r\nSince 2019, Evil Corp is alleged to have cycled through different brands and variants of ransomware\r\nincluding DoppelPaymer, Grief, WastedLocker, Hades, Phoenix and Macaw\r\nhttps://www.bbc.com/news/technology-59297187\r\nPage 8 of 9\n\nIn the last six months the US and its allies have gone beyond cyber-sanctions, and started employing a far more\r\naggressive tactic.\r\nThey have begun hacking back against cyber-crime gangs and have successfully taken some of them offline, at\r\nleast temporarily. REvil and DarkSide have announced on forums that they are no longer operating because of law\r\nenforcement action.\r\nOn two occasions US government hackers have even managed to retrieve millions of dollars of Bitcoin stolen\r\nfrom victims.\r\nAn international effort involving Europol and the US Department of Justice has also seen alleged hackers arrested\r\nin South Korea, Kuwait, Romania and Ukraine.\r\nHowever, cyber security researchers say more groups are surfacing, and attacks are occurring every week. The\r\nphenomenon will not go away, they say, as long as hackers can flourish in Russia.\r\nYou may also be interested in:\r\nPlinofficial Instagram\r\nSource: https://www.bbc.com/news/technology-59297187\r\nhttps://www.bbc.com/news/technology-59297187\r\nPage 9 of 9",
	"extraction_quality": 1,
	"language": "EN",
	"sources": [
		"Malpedia"
	],
	"references": [
		"https://www.bbc.com/news/technology-59297187"
	],
	"report_names": [
		"technology-59297187"
	],
	"threat_actors": [],
	"ts_created_at": 1775791256,
	"ts_updated_at": 1775791338,
	"ts_creation_date": 0,
	"ts_modification_date": 0,
	"files": {
		"pdf": "https://archive.orkl.eu/5c6e9a0c9b010d13fcec86f016f6992dd9865687.pdf",
		"text": "https://archive.orkl.eu/5c6e9a0c9b010d13fcec86f016f6992dd9865687.txt",
		"img": "https://archive.orkl.eu/5c6e9a0c9b010d13fcec86f016f6992dd9865687.jpg"
	}
}