In an exclusive interview, a representative from the UK’s National Crime Agency (NCA) shared alarming insights into the notorious Russian cybercriminal organization known as Evil Corp. Operating with apparent protection from state intelligence services, this gang has been linked to attacks against NATO countries. The NCA suggests that the association between Evil Corp and the Russian government is more intricate than the standard criminal-state relationship, involving deep familial connections that provide a veil of security for its members.
The agency highlighted that Evil Corp capitalized on its network, particularly through its leader, Maksim Yakubets, who gained protection from his father-in-law, Eduard Benderskiy. Benderskiy, a former high-ranking official in Russia’s FSB (domestic spy agency), allegedly used his influence to shield Evil Corp from U.S. authorities following the imposition of sanctions in 2019.
“Evil Corp operated with a strong family-oriented structure, resembling a traditional organized crime family. Yakubets worked closely with his father, brother, and cousins,” the NCA spokesperson explained. Initially rooted in Moscow, the group initially focused on cyber-attacks and espionage, later shifting to ransomware operations.
Since 2019, however, the group’s influence has diminished, a decline underscored by the emergence of images showcasing Yakubets’s lavish lifestyle, which included a camouflaged Lamborghini with the license plate “thief.” The NCA pointed out that this period marked a significant change in Evil Corp’s operations, including a fallout with a key member and a subsequent pivot toward developing new ransomware variants.
In a critical alliance, Yakubets’s right-hand man, Aleksandr Ryzhenkov, has been associated with the infamous LockBit gang. The NCA explained that LockBit employs a ransomware-as-a-service model, supplying malware and support services in exchange for a cut of the ransom payments. Ryzhenkov’s involvement has raised significant concerns, as he has been implicated in many LockBit ransomware attacks.
Recent law enforcement efforts have led to the seizure of LockBit’s infrastructure, effectively hindering their operations. Although LockBit has reported new victims post-crackdown, the NCA suspects that these may be repeat targets or that the gang is downplaying the effects of law enforcement on their activities.
As the landscape of cybercrime continues to evolve, the NCA remains committed to tracking these elusive criminal organizations, highlighting that the synergy between these groups and state actors continues to pose a tangible threat to global security.
