A notorious Russian cybercriminal gang, Evil Corp, has been accused of carrying out attacks against North Atlantic Treaty Organisation (NATO) countries on behalf of state intelligence services, according to the UK’s National Crime Agency (NCA).
The group, which has long operated under the radar, allegedly received protection through family ties with Russia’s domestic spy agency, the FSB, after being targeted by US authorities, the Guardian reported.
In a briefing released on Tuesday, the NCA described Evil Corp as having an “unusually close relationship” with the Russian state. “Evil Corp held a privileged position, and the relationship between the Russian state and this cybercriminal group went far beyond the typical state-criminal relationship of protection, payoffs, and racketeering,” said the NCA.
Operating out of Moscow, Evil Corp was responsible for cyberattacks and espionage operations against unnamed NATO countries before 2019, while also engaging in criminal activities such as deploying ransomware.
After being sanctioned and having several members indicted by the US in 2019, the group turned to Eduard Benderskiy, a former high-ranking official in the FSB and father-in-law of Evil Corp’s leader, Maksim Yakubets, for protection, the Guardian reported.
“Benderskiy used his extensive influence to protect the group, both by providing senior members with security and by ensuring they were not pursued by internal Russian authorities,” the NCA stated.
Evil Corp has been described as a family-centered operation, with Yakubets joined by his father, brother, and cousins in their cybercrime activities.
Despite their decline in influence after US authorities publicised Yakubets’ lavish lifestyle, the group has continued to evolve, developing new strains of ransomware.
The NCA also revealed that Yakubets’ right-hand man, Aleksandr Ryzhenkov, has partnered with Russian ransomware gang LockBit. LockBit operates a ransomware-as-a-service model, leasing out malware to other criminals for a share of the ransom, typically demanded in bitcoin.
In a significant blow to LockBit, the NCA and other enforcement agencies seized its website and infrastructure earlier this year. While LockBit has claimed further attacks since, the NCA suspects these are either repeat victims or attempts to downplay the operation’s impact.


