The US Department of Justice, along with the US Department of State and the UK's National Crime Agency, has brought charges against two Russian nationals who were involved in a vast and long-running cybercrime spree that stole information from thousands of individuals and organizations in the country.
These two Russian nationals, Maksim V. Yakubets and Igor Turashev, are charged with an effort that infected tens of thousands of computers with malicious code called Bugat. Both accused have been indicted in the Western District of Pennsylvania on conspiracy to commit fraud, wire fraud and bank fraud, among other charges.
How does Bugat work?
The Federal Bureau of Investigation (FBI) stated that once installed, the malicious code, which is also known as Dridex or Cridex, allowed the cybercriminals to breach system security, steal banking credentials and funnel money directly out of victims' accounts.
The malware also comes in a number of different code variants, and a later version also installed ransomware on a system, which then allowed the attacker to demand payment in cryptocurrency for returning stolen data or restoring access to vulnerable systems.
The group extracted millions of dollars
The group stole almost tens of millions of dollars from victims, including a Pennsylvania school district that faced a loss of $999,000 and an oil company that lost more than two million dollars.
The agency, along with the State Department's Transnational Organized Crime Rewards Program, announced a reward of up to five million dollars for information, and it led the officers to the alleged mastermind of the scheme, Yakubets.
FBI Deputy Director David Bowdich said, "The actions highlighted today, which represent a continuing trend of cyber-criminal activity emanating from Russian actors, were particularly damaging as they targeted US entities across all sectors and walks of life."
The process of spreading the malware attack
According to the FBI, the co-conspirators distributed the malware via an email phishing campaign targeting businesses and organizations that have valuable computer systems. Victims were tricked into believing that the malicious link they had received via email was from a legitimate source. After the user downloads the attachment or clicks a link, the user's machine automatically downloads malicious code, which could spread to any networked computers.
FBI Supervisory Special Agent Steven Lampo said that a smaller piece of code can inject itself into the running processes of the machine and begin the process that allows the full suite of malware to load onto the machine or network. He also mentioned that the malware's creators were constantly creating new variants of the code to evade antivirus tools.