#34. Maksim Yakubets - Russian Hacker

Hear about Russian hacker Maksim Yakubets, mastermind of hacking and bank fraud schemes stealing millions directly from bank accounts.

Who is Maksim Yakubets?

Maksim V. Yakubets, also known as “aqua”, is the most wanted alleged hacker in the world. US and UK authorities say that Yakubets’ hacker gang, formalized into Evil Corp, alias the ‘Dridex gang’ or ‘INDRIK SPIDER’, is the most notorious hacker gangs of the last decade.

To get a clearer understanding of who this criminal really is, let’s look at his associations. 

  • Allegedly, Yakubets had close ties to the Federal Security Service (FSB). The FSB succeeded the Soviet Union’s KGB, a security machinery for “ensuring the stability of the USSR’s political system, suppressing opposition and dissidents, gathering intelligence, overseeing counter-intelligence activities in the USSR, conducting clandestine operations abroad and protecting Soviet borders, to name just a few..” according to Beyond Russia. The KGB was greatly feared.
  • Yakubets married high-ranking FSB officer Eduard Bendersky’s daughter in the summer of 2017. Their wedding was held at a golf course two hours outside of Moscow, and reporters estimate it to have cost about $500,000. 
  • The analysis of ransomware incidents that Yakubets propagated using Evil Corp revealed that the group has used similar techniques Russian government-backed hackers used to carry out the devastating SolarWinds attack in 2020.

Starting May 2009, Maksim Yakubets lead the hackers behind Evil Corp to assault the bank accounts of victims across dozens of countries. Using a constantly evolving malware called Bugat, the criminals siphoned money from unwitting victims amounting to about $100 million. The gang sustained this theft scheme for about 10 years.

Yakubets had a close associate, Igor Turashev, a Russian national also charged in the scheme. They would convince email users to click on a malicious link in a phishing email to download their malware, Bugat. Once Bugat was installed, it would employ various techniques to steal users’ personal information in an automated manner. According to the DoJ’s indictment statement, Bugat was designed to defeat the protective measures we usually employ as computer users, like antivirus. The hackers continually improved the malware, added functionality, and changed its name severally. At one point being called “Cridex,” and later “Dridex. The malware used a keylogger to grab passwords, or created fake banking pages to dupe someone into entering their credentials.  The indictment stated further, “Yakubets and Turashev used the captured banking credentials to cause banks to make unauthorized electronic funds transfers from the victims’ bank accounts, without the knowledge or consent of the account holders.  They then allegedly used persons, known as “money mules,” to receive stolen funds into their bank accounts, and then move the money to other accounts or withdraw the funds and transport the funds overseas as smuggled bulk cash.”

Victims of the Bugat conspiracy

Yakubet and Yuroshev victimized big banks, a school district, private energy and construction companies, and even a firearm manufacturer. The assaults happened as recent as March 2019. Apparently, Evil Corp was also in the franchise business. Court documents indicate that Yakubets gave a UK resident access to Bugat in exchange for $100,000 up front, plus 50% of all revenues, with a minimum take of $50,000 a week. Yakubets offered technical support as needed.

Maksim Yakubets Indictment

In December, 2019, the FBI indicted Yakubets. On the same day, the State Department, in partnership with the FBI, announced a reward of up to $5 million for information leading to the arrest and/or conviction of Yakubets. 

Involvement in the Zeus scheme

In the same month when the Yakubets was indicted for the Bugat conspiracy, another criminal complaint connected him to the “Zeus” malware scheme. The “Zeus” malware also employed money mules and a botnet, and Yakubets and other actors allegedly victimized 21 municipalities, banks, companies, and non-profit organizations in Iowa, California, Illinois, Massachusetts, Kentucky, North Carolina, Maine, Washington, New Mexico, Texas and Ohio.

The Zeus malware facilitated the attempted theft of about $220 million USD. Actual losses were estimated at $70 million from victims’ bank accounts. In this scheme, Yakubets’ provided money mules and their associated banking credentials so that money would be removed from victim accounts fraudulently.

Hacker Yakubet worked for the Russian government

Reportedly, Yakubet was working with FSB, Russia’s intelligence agency, in 2017. Although it’s unclear what his role was, it’s alleged that he was “acquiring confidential documents through cyber-enabled means and conducting cyber-enabled operations.”

Where is Maksim Yakubets now?

According to the BBC, both Yakubets and Turashev are living lavishly in Russia. There are videos of him flaunting a customized Lamborghini Huracan and petting a baby tiger. 

The indictments won’t impact Russian Hacker Maksim Yakubets unless he leaves Russia, according to the UK National Crime Agency. If he does leave, he will be arrested and extradited to the US.


Russian Hacker Maksim Yakubets, Maksim Yakubets indictment, Igor Turashev,  Russian hanger gang, Evil Corp, Dridex gang, INDRIK SPIDER, Bugat malware, Zeus malware, Bugat conspiracy scheme, 


You may also like