Calendar An icon of a desk calendar. Cancel An icon of a circle with a diagonal line across. Caret An icon of a block arrow pointing to the right. Email An icon of a paper envelope. Facebook An icon of the Facebook "f" mark. Google An icon of the Google "G" mark. Linked In An icon of the Linked In "in" mark. Logout An icon representing logout. Profile An icon that resembles human head and shoulders. Telephone An icon of a traditional telephone receiver. Tick An icon of a tick mark. Is Public An icon of a human eye and eyelashes. Is Not Public An icon of a human eye and eyelashes with a diagonal line through it. Pause Icon A two-lined pause icon for stopping interactions. Quote Mark A opening quote mark. Quote Mark A closing quote mark. Arrow An icon of an arrow. Folder An icon of a paper folder. Breaking An icon of an exclamation mark on a circular background. Camera An icon of a digital camera. Caret An icon of a caret arrow. Clock An icon of a clock face. Close An icon of the an X shape. Close Icon An icon used to represent where to interact to collapse or dismiss a component Comment An icon of a speech bubble. Comments An icon of a speech bubble, denoting user comments. Comments An icon of a speech bubble, denoting user comments. Ellipsis An icon of 3 horizontal dots. Envelope An icon of a paper envelope. Facebook An icon of a facebook f logo. Camera An icon of a digital camera. Home An icon of a house. Instagram An icon of the Instagram logo. LinkedIn An icon of the LinkedIn logo. Magnifying Glass An icon of a magnifying glass. Search Icon A magnifying glass icon that is used to represent the function of searching. Menu An icon of 3 horizontal lines. Hamburger Menu Icon An icon used to represent a collapsed menu. Next An icon of an arrow pointing to the right. Notice An explanation mark centred inside a circle. Previous An icon of an arrow pointing to the left. Rating An icon of a star. Tag An icon of a tag. Twitter An icon of the Twitter logo. Video Camera An icon of a video camera shape. Speech Bubble Icon A icon displaying a speech bubble WhatsApp An icon of the WhatsApp logo. Information An icon of an information logo. Plus A mathematical 'plus' symbol. Duration An icon indicating Time. Success Tick An icon of a green tick. Success Tick Timeout An icon of a greyed out success tick. Loading Spinner An icon of a loading spinner. Facebook Messenger An icon of the facebook messenger app logo. Facebook An icon of a facebook f logo. Facebook Messenger An icon of the Twitter app logo. LinkedIn An icon of the LinkedIn logo. WhatsApp Messenger An icon of the Whatsapp messenger app logo. Email An icon of an mail envelope. Copy link A decentered black square over a white square.

REVEALED: ‘World’s most harmful’ hackers from Russia accused of Tartan Army and NHS Scotland attacks

Maksim Viktorovich Yakubets
Maksim Viktorovich Yakubets

A team of Russian hackers branded the world’s “most harmful cyber crime group” has been accused of carrying out malware attacks which targeted Scottish football fans and caused chaos at NHS health boards.

An unprecedented collaboration between the National Crime Agency (NCA), the FBI and the National Cyber Security Centre has exposed the lavish lifestyle of the man allegedly behind Evil Corp, a group that created and deployed malware causing hundreds of millions of pounds of financial damage in the UK.

Maksim Yakubets, 32, has been indicted in the United States in relation to two separate international computer hacking and bank fraud schemes, which employed dozens of people working from the basement of Moscow cafes.

Evil Corp targeted the UK for almost a decade with multiple strains of damaging malware which defrauded and stole money from the bank accounts of members of the public and businesses.

A dedicated NCA team began working in 2014 with multiple partners to investigate one of the group’s core malware strains, Dridex – a banking trojan delivered via malicious email attachments in an attempt to steal account details.

The wanted poster of Maksim Viktorovich Yakubets, also known as AQUA

The Scottish Football Association apologised in late 2016 after thousands of members of the Scotland Supporters Club were sent a scam email asking them to click a link and make a payment of £170.

It later emerged hackers infiltrated a third-party database to harvest fans’ email records and then sent the message in an attempt to deliver the malicious Dridex software.

Just months later, health bosses were forced to cancel operations and appointments after 11 of Scotland’s 14 NHS health boards were hit by malware linked to IT attacks around the world.

The incident, which NHS Tayside confirmed affected 10 GP practices and also caused disruption in Fife, saw health boards across the country hit with a new variant of the ransomware Bitpaymer – also known as FriedEx.

The programme encrypts the data it finds on a host computer so it can no longer be accessed and then demands payment for its release. The attack left some medical centres unable to access patient records.

A 2018 investigation by leading security software firm ESET found Bitpaymer is also the work of Dridex authors Evil Corp but was designed to specifically target high profile organisations and companies.

NCA director general Lynne Owens said: “The significance of this group of cyber criminals is hard to overstate; they have been responsible for campaigns targeting our financial structures with multiple strains of malware over the last decade.

“We are unlikely to ever know the full cost but the impact on the UK alone is assessed to run into the hundreds of millions.

“It is our assessment that Maksim Yakubets and Evil Corp – the cyber crime group he controls – represent the most significant cyber crime threat to the UK.”

A police officer speaking to Maksim Yakubets, 32, from Moscow, accused of running the world’s most harmful cyber crime groug

In 2016, security firm Symantec assessed Dridex was set up to target the customers of nearly 300 different organisations in over 40 countries.

Yakubets – who drives a customised Lamborghini with a personalised number plate that translates to ‘thief’ and uses the online moniker ‘Aqua’ – is now subject to a $5 million US State Department reward, the largest ever offered for a cyber criminal.

If he ever leaves Russia, he will be arrested and extradited to the US.

Fellow Russian Igor Turashev, 38, who is Yakubets’ administrator and controls the Dridex malware, has also been indicted for cyber crime offences. Another operation in 2015 led to the arrest of Andrey Ghinkul, a Dridex distributor known as ‘Smilex’.

Investigations in the UK by the NCA and the Metropolitan Police have targeted Yakubets’ network of money launderers who have funnelled profits back to Evil Corp. Eight people have been sentenced to a total of over 40 years in prison.

Intelligence provided by the NCA has also been used to support sanctions brought by the US Treasury Department’s Office of Foreign Asset Control against Evil Corp, Yakubets, Turashev and 21 associated entities.

As a result of these designations, any property under US jurisdiction held by those subject to sanction has been blocked and US persons are prohibited from engaging in transactions with them.


Cyber security expert warns hackers may have targeted NHS health boards intentionally

Dr Xavier Bellekens from Strathclyde University

A leading cyber security and privacy expert has warned hackers may have intentionally targeted NHS health boards due to their large numbers of employees.

Dr Xavier Bellekens, from Strathclyde University, pointed to techniques used by groups to attempt to gain access to an organisation’s IT system by targeting a significant portion of its users at one time.

He said: “All of these groups create multiple malware. They are spread in the wild so some of the attacks are coordinated and others less so.

“In many cases, they decide their targets consciously. So if the NHS was a target, there would be a reason they were targeted.

“The NHS is a very large body so there are a lot of people who may open an attachment without being aware.”

Dr Bellekens, a former Abertay University lecturer, said organisations in Scotland and throughout the UK have invested heavily in cyber security but may be a particular target because so many individuals speak English as a second language.

“Universities have been targeted by similar schemes in the past,” he said.

“They try to get as many email addresses as possible and they send a bulk email in the hope one of us will click on the link.

“From what I understand, the NHS attack used a bulk email approach as well.”

Dr Bellekens added: “It’s always a game of chasing the next hacker. It’s important we take a stand to stop them.

“Over the years we’ve learned techniques such as ethical hacking – and I would use Abertay University as a good example of that – so businesses can be provided with people who understand the techniques of hackers.

“Through that and organisations attending cyber security training, I think we are far better placed against this kind of thing.

“So in my view, when the FBI and NCA come down on those hackers, they are always making the right step forward.”