December 9, 2019

OFAC designates Russia-based cybercriminal group

On December 6, 2019, the Office of Foreign Assets Control (OFAC) of the US Department of the Treasury designated 17 individuals and seven entities, including Evil Corp, its core cyber operators, multiple businesses associated with a group member, and financial facilitators utilized by the group. OFAC designated these persons pursuant to Executive Order 13694, as amended, which targets malicious cyber-enabled actors around the world, and as codified by the Countering America’s Adversaries Through Sanctions Act.

Evil Corp is the Russia-based cybercriminal organization responsible for the development and distribution of the Dridex malware. Dridex is a multifunctional malware package designed to automate the theft of confidential information, including online banking credentials, from infected computers. Dridex is traditionally spread through massive phishing email campaigns that seek to entice victims to click on malicious links or attachments embedded within the emails. Once a system is infected, Evil Corp uses compromised credentials to fraudulently transfer funds from victims’ bank accounts to accounts controlled by the group.

Evil Corp is being designated for engaging in cyber-enabled activities that have the effect of causing a significant misappropriation of funds or economic resources for private financial gain. Additionally, Biznes-Stolitsa, OOO; Optima, OOO; Treid-Invest, OOO; TSAO, OOO; Vertikal, OOO; and Yunikom, OOO are being designated pursuant to E.O. 13694, as amended, for being owned or controlled by Denis Gusev, a senior member of Evil Corp.

The following individuals have been designated for having acted for or on behalf of, and for providing material assistance to, Evil Corp: Maksim Yakubets, Igor Turashev, Denis Gusev, Dmitriy Smirnov, Artem Yakubets, Ivan Tuchkov, Andrey Plotnitskiy, Dmitriy Slobodskoy, Kirill Slobodskoy, Aleksei Bashlikov, Ruslan Zamulko, David Guberman, Carlos Alvares, Georgios Manidis, Tatiana Shevchuk, Azamat Safarov, and Gulsara Burkhonova.

As a result of OFAC’s designation, all property and interests in property of these persons subject to U.S. jurisdiction are blocked, and U.S. persons are generally prohibited from engaging in transactions with them. Any entities 50 percent or more owned by one or more designated persons are also blocked. Foreign persons may be subject to secondary sanctions for knowingly facilitating a significant transaction or transactions with these designated persons.

US Dept. of the Treasury press release