In 2020, various company networks in Germany came to a standstill: hackers had paralyzed the systems of, among other things, mattresses Concord, the Funke media group and the Düsseldorf University Hospital. The encryption required a logout from the emergency room, resulting in the death of one woman. The district of Anhalt-Bitterfeld even declared a disaster due to a hacker attack. In any case, the perpetrators demanded a high ransom to remove the installed malware.
Behind the attacks is apparently the Russian hacker group “Indrik Spider” or “Double Spider”. Investigators in Germany only recently managed to unmask the people behind the crime. The Russian Maksim Yakubets is said to have led the group. He is accused of years of hacker attacks. His compatriot Igor Turashev is said to have been involved as chief administrator. The State Criminal Police Office (LKA) NRW also suspects a certain Igor Garshin as one of the main people responsible.
Turashev and Garshin have been wanted by the LKA since June 2021, the international wanted notice was updated on March 6, 2023. Both are also on Europol’s “Europe’s Most Wanted” list. The wanted Irina Zemlianikina is said to have played another key role. The 36-year-old is accused of, among other things, publishing data from victims and sending phishing emails.
The first hacker attacks by the mastermind Yakubets, also known by the alias “Aqua”, date back to 2009. At that time he brought the US state of Kentucky more than 400,000 US dollars. In 2012, he was charged in the state of Nebraska with conspiracy to participate in organized crime, conspiracy to commit computer fraud and identity theft, aggravated identity theft and multiple counts of bank fraud. Yakubets is also allegedly the leader of the “Bugat” malware conspiracy, later renamed “Cridex” and then “Dridex”.
Finally, Yakubets headed the Russian hacker network “Evil Corp”. It used the Bugat trojan to obtain victims’ banking information. The fraud network’s first hacking attack was recorded in May 2017 and targeted the UK healthcare system. “Evil Corp” finally published secret data from 200 companies, including those from the US defense sector. Then “Evil Corp” apparently went into “Double Spider” – among others with the leaders Turashev as chief administrator and Garshin.
Those mainly responsible, Yakubets and Turashev, are said to have been involved in hacking attacks on tens of thousands of computers in the USA and Europe. In the US alone, they are said to have stolen an estimated $70 million. The Russian media dubbed Yakubets the “$100 million thief.” In 2019 he was finally charged together with his partner Turashev in the US state of Pennsylvania. Prosecutor Scott W. Brady said in late 2019, “For more than a decade, Maksim Yakubets and Igor Turashev ran one of the most sophisticated transnational cybercrime syndicates in the world.” An arrest warrant was issued for the two hackers, and the FBI put them on the wanted list. In addition, a bounty of five million US dollars was placed on both of them.
In addition, the hacker network is said to have rented out its malware to other hacker gangs. According to the US Treasury Department, Yakubets is said to have worked for the Russian secret service FSB for several years. In the US, it is even believed that the FSB hires hackers to attack foreign targets. An analysis by the US think tank Atlantic Council came to the conclusion that Moscow allows cybercriminals under a “social contract” if their attacks are directed abroad. NRW Minister of the Interior Herbert Reul said about the activities of “Double Spider” that the assumption was “that they were at least tolerated by the state”.
Yakubets is also said to have hired for the Russian news sector. Last but not least, the 35-year-old is said to have a good relationship with Kremlin spokesman Dmitry Peskov. He is now married to the daughter of a former senior officer in the Russian FSB secret service. The wedding celebration took place in 2017 of all places in Crimea, which was annexed by Russia.
According to the current findings of the investigators, the hacker gang around Yakubets and Turashev blackmailed a good 600 victims worldwide, in Germany there are almost 40 companies. Ransoms in the tens of millions were often paid. The hunt for the hackers is ongoing worldwide. Last Wednesday, the ZDF program “Aktenzeichen XY” dealt with the case. Witnesses are asked to report information about the wanted hackers to the police. The LKA is looking for people who may have seen the suspects after February 28, 2023.
Sources: BKA, FBI, Focus, Europol, ZDF, US Department of Justice