Russian National Pleads Guilty Of Conspiracy To Introduce Malware Into U.S. Company’s Computer Network

March 19, 2021

By Anand Vasu

Egor Igorevich Kriuchkov pleaded guilty in federal court on March 18, 2021 to conspiracy to intentionally cause damage to a protected computer, for conspiring to travel to the U.S. to recruit an employee of a Nevada company into a scheme to introduce malicious software into the company’s computer network.

Kriuchkov, a Russian national, conspired with others to recruit an employee of a large U.S. company to transmit malware provided by the conspirators into the company’s computer network. 

Once the malware was installed, Kriuchkov and his co-conspirators planned to use it to exfiltrate data from the network and then extort the company.

Kriuchkov travelled from Russia to California through New York, and, in August 2020, made several trips to Nevada to try to entice the employee to participate in the scheme.

Kriuchkov promised to pay the employee in Bitcoin once the malware was introduced into the network.

However, the employee reported the approach, and the employer in turn contacted the Federal Bureau of Investigation, which thwarted the scheme.

“The swift response of the company and the FBI prevented a major exfiltration of the victim company’s data and stopped the extortion scheme at its inception,” said Acting Assistant Attorney General Nicholas L. McQuaid of the Justice Department’s Criminal Division. “This case highlights the importance of companies coming forward to law enforcement, and the positive results when they do so.”

This is only the latest U.S. prosecution of a Russian national over the use of malware. In December 2019, the Justice Department unsealed charges against Maksim V. Yakubets, and the State Department offered a reward of up to $5 million for information leading to his arrest or conviction.

It is alleged that Yakubets, known online as “aqua,” ran a decade-long hacking campaign that caused losses in the tens of millions of dollars.

Yakubets led a group that called itself “Evil Corp,” an organization alleged to have stolen approximately $100 million from businesses and individuals. The group used a network of money mules to cash out the fraudulent transfers before banks could catch on, with the mules wiring the money on to the beneficiaries minus a small commission, according to KrebsOnSecurity.

At the same time, the Justice Department also indicted Igor Turashev for his part in the Bugat malware conspiracy.

Bugat, later known as Dridex, was designed to automate the theft of confidential personal and financial information, such as online banking credentials, which the group then used to initiate fraudulent transfers from victims’ accounts.

In late 2020, U.S. Cyber Command publicly released eight new malware samples from the ComRAT and Zebrocy families, tooling that Russian state-backed hackers had been using for years. 

The purpose of making these samples public was to allow security specialists within organizations to build detection mechanisms for them.

The disclosure was the first time US Cyber Command had officially linked ComRAT and Zebrocy to the Russian government’s cyber espionage units.

The indictments of Russian nationals for the use of malware have not been limited to financial crime, or to crimes motivated by profit alone. In October 2020, six officers of the Russian Main Intelligence Directorate (GRU) were indicted for computer intrusions and attacks intended to support Russian government efforts to undermine or destabilize Ukraine and Georgia, as well as elections in France.

Perhaps the most infamous instance was the SolarWinds compromise of 2020, one of the largest supply-chain attacks of its kind, which reached the U.S. government, its agencies, and several private companies. 

In this attack, some 18,000 customers of SolarWinds’ Orion software downloaded a trojanized update, and U.S. cyber agencies said the operation was likely Russian in origin.

An analysis of the malware used in the attack by cyber-security company Kaspersky added weight to the attribution: it found code overlaps between the SolarWinds backdoor and Kazuar, a backdoor previously deployed by the Russian-speaking Turla group, though Kaspersky noted that code overlap alone does not prove a shared operator.