When Maksim Yakubets married the daughter of a former high-ranking officer of the Russian secret service FSB in 2017, the then 30-year-old hacker really let it rip in a posh hotel on the annexed Crimean Peninsula. Champagne, vodka, caviar, expensive suit, neat haircut. The man, dubbed the “$100 million thief” in Russian media, was already cultivating an extravagant lifestyle back then.

The suspected cyber gangster had a special fondness for Italian Lamborghini sports cars. The number plate on his luxury car bore just one Russian word: “BOP”. Translated, this means: thief.

In November 2019, the US federal police launched an international manhunt for the super hacker. The digital wanted poster lists five million US dollars for his capture. A record sum for suspected online criminals.

Russian hacker paralyzed German companies with ransomware

As FOCUS online learned from investigators, the native Ukrainian also plays a major role in an extensive cyber thriller in NRW. The investigations lead from Moscow’s intelligence service FSB to the Russian mercenary group Wagner.

Chief hacker Yakubets is said to be leading a group that blackmailed numerous institutions and companies in the Rhine and Ruhr and paralyzed them with malware (ransomware). Examples include the Funke media group and the university clinic in Düsseldorf in 2020, attacked in order to force a ransom.

Through concerted investigations between Europol, the FBI, the Dutch and the Ukrainian police, the local State Criminal Police Office and the central contact point for cybercrime (ZAC) of the Cologne public prosecutor’s office were able to unmask the group called “DoppelSpider” that was behind the hacker attacks.

Since the attack on the British healthcare system in May 2017, investigators have counted 600 victims, some of whom have paid tens of millions. At the end of February, prosecutors in North Rhine-Westphalia and Ukraine searched premises belonging to accomplices of the heads of the hacker network. At the same time, the ZAC is searching for three key figures of the “DoppelSpider” group with an international arrest warrant and a public manhunt. First and foremost Igor Turashev (41).

From the basements of Russian cafes, the hackers even targeted the FBI

For years he acted as chief administrator for the super hacker Yakubets. The US Department of Justice had published an indictment against the two masterminds in 2019. It’s about bank fraud and extortion. According to this, the cyber gangsters are said to have swindled 70 million US dollars in the USA. The Sharon City School District in Pennsylvania alone paid a ransom of one million US dollars in order to be able to restart the IT systems. Penneco Oil’s bank transferred $2.1 million, according to the US indictment.

The cyber scammers started in 2009. The Washington Post reported on a hacker group that had stolen $415,000 from the state treasury in Kentucky. At the time, Yakubets operated online under the nickname “Aqua”. He reacted indignantly at the discovery: “You described the whole scheme. Bastards… really pisses me off.”

Ten years later, according to the US indictment, Yakubets led the Russian hacker syndicate Evil Corp, which used a new Trojan called Bugat to plunder bank accounts on a large scale. His chief administrator Turashev is said to have been involved too. According to the FBI, dozens of accomplices sent phishing emails containing malware from the basements of Russian cafes.

This malware recorded all keystrokes in order to obtain online banking passwords. The group also lured its victims to fake bank websites to siphon off login credentials. The stolen funds disappeared into dark channels or were laundered through middlemen in the UK. Through a third line of business, Evil Corp leased its malware to other gangs.

Shortly before the Russian attack, he took part in the Wagner group’s hacker competition

Later, the main players Yakubets and Turashev apparently developed new programs in order to become more active in Germany. According to the US Treasury Department, Yakubets had been working for the Russian FSB secret service for almost six years. Accordingly, the hacker is said to have carried out corresponding cyber operations and procured secret documents.

Evil Corp, for example, published secret data from 200 companies, including information from the US defense sector. Yakubets is also said to have recruited cybercriminals for the Russian intelligence service. At the same time, he is said to have good relations with Dimitri Peskov, the press spokesman and one of the biggest agitators of the Kremlin autocrat Vladimir Putin.

From the “Evil Corp” cyber gang apparently emerged the “DoppelSpider” troupe. The investigators have so far been able to identify three leading figures: Igor Turashev as the chief administrator. Shortly before the Russian invasion of Ukraine, he took part in a hacking competition run by the Wagner mercenary unit. Irina Zemlianikina led the negotiations with the blackmailed online victims. According to the NRW-LKA, Igor Garshin is suspected of being “one of the main people responsible for the cyber attacks, not least on German companies, through spying out, infiltrating and the final encryption of data.”

The number of Russian cyber attacks continues to grow

The case points to an explosive connection that is causing increasing concern to the German security authorities. The number of state-controlled Russian cyber attacks is growing rapidly. According to the industry association Bitkom, 36 percent of online attacks on German companies last year can be traced back to Russian cyber actors. State-funded front companies, private online gangsters and so-called patriotic hackers are involved.

Subversive sabotage operations via the Internet in Western Europe have been part of Moscow’s business for years. According to US findings, the Russian FSB specifically recruits cybercriminals to use on foreign targets.

Security experts note a mix of state-directed sabotage in Western Europe and autonomous, condoned hackers pursuing their own agenda to extort millions.

Germany is also looking for the hackers – they are suspected to be in Russia

According to an analysis by the US think tank Atlantic Council, the Kremlin gives cyber gangsters free rein under a “social contract”, as long as they focus on foreign targets. In essence, it is all about weakening the enemy abroad, they say.

The extortion group “DoppelSpider” was probably one of them. At least NRW Interior Minister Herbert Reul harbors this suspicion: “Even if the deeds served personal enrichment, it is reasonable to assume that they were at least tolerated by the state,” states the CDU politician.

In the meantime, the local prosecutors are also looking worldwide for the hacker greats Turashev & Co. The cyber gangsters apparently know they are safe. The judicial authorities suspect that the wanted persons are in Russia. Extradition seems impossible.
