{"id":217,"date":"2024-11-27T10:05:27","date_gmt":"2024-11-27T10:05:27","guid":{"rendered":"https:\/\/serisec.com\/index.php\/2024\/11\/27\/evil-corp-cyber-criminals-group-identity-exposed-along-with-lockbit-affiliate\/"},"modified":"2024-11-27T10:05:27","modified_gmt":"2024-11-27T10:05:27","slug":"evil-corp-cyber-criminals-group-identity-exposed-along-with-lockbit-affiliate","status":"publish","type":"post","link":"https:\/\/serisec.com\/index.php\/2024\/11\/27\/evil-corp-cyber-criminals-group-identity-exposed-along-with-lockbit-affiliate\/","title":{"rendered":"Evil Corp Cyber Criminals Group Identity Exposed Along with Lockbit Affiliate"},"content":{"rendered":"<p>    Evil Corp Cyber Criminals Group Identity Exposed Along with Lockbit Affiliate<br \/>\n \t<BR><br \/>\n<BR><\/BR><br \/>\n    <!-- no image --><br \/>\n \t<BR><br \/>\n<BR><\/BR><\/p>\n<div>\n<p>Authorities in the UK, US, and Australia have sanctioned sixteen individuals linked to Evil Corp, a group once considered the pinnacle of global <a href=\"https:\/\/cybersecuritynews.com\/how-to-investigate-emerging-cyber-threats\/\" target=\"_blank\" rel=\"noreferrer noopener\">cyber threats<\/a>. <\/p>\n<p>This move exposes their connections to the Russian state and other infamous ransomware groups, including LockBit. The National Crime Agency(NCA) also shared the news on Social Platform X.<\/p>\n<figure class=\"wp-block-embed is-type-rich is-provider-twitter wp-block-embed-twitter\">\n<div class=\"wp-block-embed__wrapper\">\n<blockquote class=\"twitter-tweet\" data-width=\"550\" data-dnt=\"true\">\n<p lang=\"en\" dir=\"ltr\">Further Evil Corp cyber criminals exposed following NCA investigation, one unmasked as LockBit affiliate, as UK, US and Australia unveil sanctions.<\/p>\n<p>Read the full story <img data-recalc-dims=\"1\" decoding=\"async\" src=\"https:\/\/i0.wp.com\/s.w.org\/images\/core\/emoji\/15.0.3\/72x72\/27a1.png?ssl=1\" alt=\"\u27a1\" class=\"wp-smiley\" style=\"height: 1em; max-height: 1em;\"> <a href=\"https:\/\/t.co\/MVHye4QU2T\">https:\/\/t.co\/MVHye4QU2T<\/a> <a href=\"https:\/\/t.co\/VcXP2PquyU\">pic.twitter.com\/VcXP2PquyU<\/a><\/p>\n<p>\u2014 National Crime Agency (NCA) (@NCA_UK) <a href=\"https:\/\/twitter.com\/NCA_UK\/status\/1841119712119316840?ref_src=twsrc%5Etfw\">October 1, 2024<\/a>\n<\/p><\/blockquote>\n<p><script async src=\"https:\/\/platform.twitter.com\/widgets.js\" charset=\"utf-8\"><\/script>\n<\/div>\n<\/figure>\n<h2 class=\"wp-block-heading\" id=\"h-unveiling-the-faces-behind-evil-corp\"><strong>Unveiling the Faces Behind Evil Corp<\/strong><\/h2>\n<p>The <a href=\"https:\/\/www.nationalcrimeagency.gov.uk\/news\/further-evil-corp-cyber-criminals-exposed-one-unmasked-as-lockbit-affiliate\" target=\"_blank\" rel=\"noreferrer noopener nofollow\">National Crime Agency (NCA)<\/a> has played a pivotal role in unraveling the complex web of Evil Corp\u2019s operations. <\/p>\n<p>Originating as a family-centered financial crime group in Moscow, Evil Corp evolved into a formidable cybercrime entity, extorting over $300 million from victims worldwide. <\/p>\n<p>Their targets spanned critical sectors such as healthcare, government, and national infrastructure.<\/p>\n<p class=\"has-text-align-center has-background\" style=\"background:linear-gradient(135deg,rgb(238,238,238) 100%,rgb(169,184,195) 100%)\"><strong>Analyse Any Suspicious Links Using ANY.RUN\u2019s New Safe Browsing Tool:\u00a0<a class=\"sitechecker_casdrwead_11wsd\" href=\"https:\/\/app.any.run\/?utm_source=li_csn&amp;utm_medium=linkedin&amp;utm_campaign=safebrowsing&amp;utm_content=service&amp;utm_term=300924\" target=\"_blank\" rel=\"noreferrer noopener nofollow\"><sitechecker_element class=\"sitechecker_asdddg_aaqaa_ligth\"><\/sitechecker_element>Try It for Free<\/a><\/strong><\/p>\n<p>In 2019, the US indicted Maksim Yakubets, Evil Corp\u2019s head, Igor Turashev, and several other members. <\/p>\n<p>The UK\u2019s Foreign, Commonwealth, and Development Office has sanctioned these individuals. <\/p>\n<p>This new wave of sanctions includes previously unidentified members like Aleksandr Ryzhenkov, Yakubets\u2019 trusted lieutenant and a known LockBit affiliate.<\/p>\n<figure class=\"wp-block-image size-large is-resized\"><img data-recalc-dims=\"1\" fetchpriority=\"high\" decoding=\"async\" width=\"831\" height=\"1024\" src=\"https:\/\/i0.wp.com\/cybersecuritynews.com\/wp-content\/uploads\/2024\/10\/image-11-831x1024.png?resize=831%2C1024&#038;ssl=1\" alt=\"Evil Corp\" class=\"wp-image-79948\" style=\"width:1008px;height:auto\" srcset=\"https:\/\/cybersecuritynews.com\/wp-content\/uploads\/2024\/10\/image-11-831x1024.png 831w, https:\/\/cybersecuritynews.com\/wp-content\/uploads\/2024\/10\/image-11-244x300.png 244w, https:\/\/cybersecuritynews.com\/wp-content\/uploads\/2024\/10\/image-11-768x946.png 768w, https:\/\/cybersecuritynews.com\/wp-content\/uploads\/2024\/10\/image-11-324x400.png 324w, https:\/\/cybersecuritynews.com\/wp-content\/uploads\/2024\/10\/image-11-696x857.png 696w, https:\/\/cybersecuritynews.com\/wp-content\/uploads\/2024\/10\/image-11-1068x1315.png 1068w, https:\/\/cybersecuritynews.com\/wp-content\/uploads\/2024\/10\/image-11-341x420.png 341w, https:\/\/cybersecuritynews.com\/wp-content\/uploads\/2024\/10\/image-11-150x185.png 150w, https:\/\/cybersecuritynews.com\/wp-content\/uploads\/2024\/10\/image-11.png 1213w\" sizes=\"(max-width: 831px) 100vw, 831px\"><figcaption class=\"wp-element-caption\">Evil Corp<\/figcaption><\/figure>\n<h2 class=\"wp-block-heading\" id=\"h-international-efforts-to-combat-cybercrime\"><strong>International Efforts to Combat Cybercrime<\/strong><\/h2>\n<p>The sanctions are part of a broader international effort to dismantle Evil Corp\u2019s operations. <\/p>\n<p>The US Department of Justice has unsealed an indictment against Ryzhenkov for deploying BitPaymer <a href=\"https:\/\/cybersecuritynews.com\/sumter-county-rhysida-ransomware\/\" target=\"_blank\" rel=\"noreferrer noopener\">ransomware <\/a>across American targets. Meanwhile, Australia has joined in imposing sanctions against these cybercriminals. <\/p>\n<p>The NCA\u2019s Director General for Threats, James Babbage, emphasized the importance of these actions: \u201cThese sanctions expose further members of Evil Corp and those critical to enabling their activity. <\/p>\n<p>We expect these new designations to disrupt their ongoing criminal activity.\u201d<\/p>\n<figure class=\"wp-block-image size-large\"><img data-recalc-dims=\"1\" loading=\"lazy\" decoding=\"async\" width=\"1024\" height=\"556\" src=\"https:\/\/i0.wp.com\/cybersecuritynews.com\/wp-content\/uploads\/2024\/10\/image-12-1024x556.png?resize=1024%2C556&#038;ssl=1\" alt=\"Cyber Relted Sanction\" class=\"wp-image-79949\" srcset=\"https:\/\/cybersecuritynews.com\/wp-content\/uploads\/2024\/10\/image-12-1024x556.png 1024w, https:\/\/cybersecuritynews.com\/wp-content\/uploads\/2024\/10\/image-12-300x163.png 300w, https:\/\/cybersecuritynews.com\/wp-content\/uploads\/2024\/10\/image-12-768x417.png 768w, https:\/\/cybersecuritynews.com\/wp-content\/uploads\/2024\/10\/image-12-696x378.png 696w, https:\/\/cybersecuritynews.com\/wp-content\/uploads\/2024\/10\/image-12-1068x580.png 1068w, https:\/\/cybersecuritynews.com\/wp-content\/uploads\/2024\/10\/image-12-774x420.png 774w, https:\/\/cybersecuritynews.com\/wp-content\/uploads\/2024\/10\/image-12-150x81.png 150w, https:\/\/cybersecuritynews.com\/wp-content\/uploads\/2024\/10\/image-12.png 1347w\" sizes=\"(max-width: 1024px) 100vw, 1024px\"><figcaption class=\"wp-element-caption\">Cyber Relted Sanction<\/figcaption><\/figure>\n<h2 class=\"wp-block-heading\" id=\"h-the-russian-connection\"><strong>The Russian Connection<\/strong><\/h2>\n<p>Evil Corp\u2019s ties to the Russian state have been well-documented. Eduard Benderskiy, Yakubets\u2019 father-in-law and a former high-ranking FSB official, was instrumental in fostering this relationship. <\/p>\n<p>Before 2019, Russian Intelligence Services reportedly tasked Evil Corp with executing cyber attacks against NATO allies. <\/p>\n<p>Following US sanctions in 2019, Benderskiy leveraged his connections to shield Evil Corp\u2019s senior members from Russian authorities. <\/p>\n<p>Despite this protection, the group faced significant operational disruptions and was forced to adapt its tactics.<\/p>\n<p>Evil Corp\u2019s strategies shifted post-2019 sanctions. They moved from widespread attacks to targeting high-value organizations using new ransomware strains like WastedLocker and Hades. <\/p>\n<p>Some members even collaborated with other crime groups, like <a href=\"https:\/\/cybersecuritynews.com\/lockbit-claims-a-breach-of-united-states-federal-reserve-system\/\" target=\"_blank\" rel=\"noreferrer noopener\">LockBit<\/a>, for technical tools.The NCA continues to track former Evil Corp members involved in ransomware activities. <\/p>\n<p>The international investigation into LockBit remains active, with recent arrests in France and Spain highlighting ongoing efforts to dismantle their operations.<\/p>\n<h2 class=\"wp-block-heading\" id=\"h-global-leaders-respond\"><strong>Global Leaders Respond<\/strong><\/h2>\n<p>UK Foreign Secretary David Lammy stated: \u201cToday\u2019s sanctions send a clear message to the Kremlin that we will not tolerate Russian cyber-attacks.\u201d <\/p>\n<p>Security Minister Dan Jarvis added, \u201d Cybercrime causes immense damage globally, but today\u2019s action shows there are serious consequences for those involved.\u201d<\/p>\n<p>Jonathon Ellison of the NCSC urged organizations to follow ransomware guidance: \u201cEvery day we see ransomware incidents have real-world consequences\u2026 I welcome today\u2019s sanctions against Evil Corp-affiliated actors.\u201d<\/p>\n<p class=\"has-text-align-center has-background\" style=\"background:linear-gradient(135deg,rgb(238,238,238) 100%,rgb(169,184,195) 100%)\"><code><strong>Free Webinar on How to Protect Small Businesses Against Advanced Cyberthreats<\/strong>\u00a0-&gt;\u00a0<strong><a class=\"sitechecker_casdrwead_11wsd\" href=\"https:\/\/my.demio.com\/ref\/eUcOj8lOn9xpgJb3?utm_source=cyber_security_news&amp;utm_medium=social&amp;utm_campaign=Q4-sponsored-webinars&amp;utm_content=ECMSIwebinar\" target=\"_blank\" rel=\"noreferrer noopener nofollow\"><sitechecker_element class=\"sitechecker_asdddg_aaqaa_ligth\"><\/sitechecker_element>Free Registration<\/a><\/strong><\/code><\/p>\n<\/p>\n<p>The post <a rel=\"nofollow\" href=\"https:\/\/cybersecuritynews.com\/evil-corp-cyber-criminals-group\/\">Evil Corp Cyber Criminals Group Identity Exposed Along with Lockbit Affiliate<\/a> appeared first on <a rel=\"nofollow\" href=\"https:\/\/cybersecuritynews.com\/\">Cyber Security News<\/a>.<\/p>\n<\/div>\n<p> \t<BR><br \/>\n <BR><\/BR><br \/>\n    Dhivya<br \/>\n \t<BR><br \/>\n<BR><\/BR><br \/>\n<a href=\"https:\/\/cybersecuritynews.com\/evil-corp-cyber-criminals-group\/\">Go to cyber-security-news<\/a><br \/>\n \t<BR><br \/>\n <BR><\/BR><\/p>\n","protected":false},"excerpt":{"rendered":"<p>Evil Corp Cyber Criminals Group Identity Exposed Along with Lockbit Affiliate Authorities in the UK, US, and Australia have sanctioned sixteen individuals linked to Evil Corp, a group once considered the pinnacle of global cyber threats. This move exposes their connections to the Russian state and other infamous ransomware groups, including LockBit. The National Crime [&hellip;]<\/p>\n","protected":false},"author":2,"featured_media":0,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[129,63],"tags":[130],"class_list":["post-217","post","type-post","status-publish","format-standard","hentry","category-cyber-security","category-cyber-security-news","tag-cyber-security-news"],"_links":{"self":[{"href":"https:\/\/serisec.com\/index.php\/wp-json\/wp\/v2\/posts\/217"}],"collection":[{"href":"https:\/\/serisec.com\/index.php\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/serisec.com\/index.php\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/serisec.com\/index.php\/wp-json\/wp\/v2\/users\/2"}],"replies":[{"embeddable":true,"href":"https:\/\/serisec.com\/index.php\/wp-json\/wp\/v2\/comments?post=217"}],"version-history":[{"count":0,"href":"https:\/\/serisec.com\/index.php\/wp-json\/wp\/v2\/posts\/217\/revisions"}],"wp:attachment":[{"href":"https:\/\/serisec.com\/index.php\/wp-json\/wp\/v2\/media?parent=217"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/serisec.com\/index.php\/wp-json\/wp\/v2\/categories?post=217"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/serisec.com\/index.php\/wp-json\/wp\/v2\/tags?post=217"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}