US authorities have filed charges against two Russian nationals alleged to be running a global cyber theft operation named Evil Corp. An indictment named Maksim Yakubets and Igor Turashev – who remain at large – as figures in a group which used malware to steal millions of dollars in more than 40 countries.

Those affected by the hacks include schools and religious organisations. It is also alleged that Mr Yakubets worked for Russian intelligence. Speaking at a news conference, Assistant Attorney General Brian Benczkowski said the attacks were among “the worst computer hacking and bank fraud schemes of the past decade”.

Mr Yakubets is accused of leading Moscow-based Evil Corp, while Mr Turashev allegedly acted as an administrator. The pair are thought to be resident in Russia.

US authorities allege that the group stole at least $100m (£76m) using Bugat malware – known as Dridex. The malware was spread via email with so-called “phishing” campaigns, which encouraged victims to click on malicious web links.

Once a computer was infected, the group allegedly stole personal banking information which was used to transfer funds. US authorities said Mr Yakubets was also involved in a similar scheme using another form of malware – known as Zeus – which stole $70m from victims’ bank accounts. In a separate statement, the US Treasury alleged that, since 2017, Mr Yakubets worked on projects for the Russian state, including the theft of confidential documents and “cyber-enabled operations”.

The department said it had rolled out sanctions against 17 individuals and seven “entities,” including businesses associated with a member of the group.(bbc)…[+]