Eduard Benderskiy, a former high-ranking officer within Russia’s intelligence services, has been publicly named and sanctioned by Western authorities for his critical role in supporting and protecting the notorious Evil Corp cybercrime group. The move marks a significant development in exposing ties between Russian state figures and the country’s vast cybercrime underworld. Benderskiy’s identification by the National Crime Agency (NCA), FBI, and Australian Federal Police solidifies the direct connection between Evil Corp’s activities and Russia’s intelligence apparatus, although officials emphasize that such cases remain exceptional.
Evil Corp’s Infamy and Benderskiy’s Role
Evil Corp, first sanctioned and indicted by the U.S. in 2019, has been responsible for a slew of high-profile cybercrimes, including deploying the GameOver Zeus and Dridex banking trojans. The group is believed to have stolen hundreds of millions of dollars from victims worldwide through a decade-long spree of cyberattacks. At the helm of Evil Corp is Maksim Yakubets, who has long been suspected of aiding the Russian government through cyber espionage. In 2019, Yakubets was charged with using his access to victims’ computers to obtain sensitive documents for Russia’s Federal Security Service (FSB), while simultaneously conducting criminal operations for personal gain.
Benderskiy, Yakubets’ father-in-law, has been described as a key figure in shielding the group from legal consequences in Russia. His extensive connections within the Russian state, particularly the FSB, have allowed Evil Corp to continue operating with relative impunity. Benderskiy’s influence became even more crucial following the 2019 sanctions, ensuring that Yakubets and other members of Evil Corp were not pursued by Russian authorities. Western officials have confirmed that Benderskiy used his influence within the Russian government to protect the group, effectively offering them a safe haven from prosecution.
Benderskiy’s ties to the Russian state are not merely speculative. Before his involvement with Evil Corp became widely known, he was a high-ranking officer in the KGB’s elite Vympel unit, a group now absorbed into the FSB’s Directorate V. His role within this unit focused on operations in challenging terrains such as mountainous and forested regions, and he served as a spokesperson for the group as recently as 2011.
Evil Corp and LockBit Connections
In conjunction with Benderskiy’s exposure, the NCA also revealed the identity of another key figure in Evil Corp, Aleksandr Ryzhenkov, who was sanctioned for his role in the organization. Ryzhenkov, known to be Yakubets’ right-hand man, has also been linked to the LockBit ransomware group, demonstrating how these cybercrime syndicates often operate across multiple platforms to maximize their reach. Ryzhenkov has been charged with deploying the BitPaymer ransomware to extort businesses across the United States, encrypting their data and demanding ransom payments for its release.
Benderskiy’s involvement with Evil Corp extends beyond just offering protection. A recent report from Western authorities revealed that Evil Corp, under Benderskiy’s guidance, has also been involved in conducting cyber espionage operations against NATO allies. While Benderskiy does not currently hold any formal position within the Russian security services, his relationships with key figures in the Kremlin remain intact, making him a highly connected individual who continues to play a role in state-related cyber operations.
A Broader Context: State-Criminal Nexus
The relationship between Russian intelligence services and cybercriminal groups like Evil Corp has long been a subject of concern for Western governments. While Russia’s constitution forbids the extradition of its citizens for crimes committed abroad, many observers argue that this legal stance has facilitated a culture of tacit support for cybercriminals, allowing them to flourish with minimal interference. Benderskiy’s case, however, demonstrates that this relationship goes beyond mere non-interference. In some instances, Russian state actors have been directly involved in shielding, if not actively enabling, the activities of cybercriminal organizations.
This isn’t the first time Russia’s security services have been linked to cybercrime. In 2017, two FSB officers were charged by the U.S. for coordinating with hackers to compromise Yahoo accounts. More recently, Western governments sanctioned Vitaly Kovalev, a senior member of the Trickbot group, for his ties to Russian intelligence. Such incidents highlight the growing concern that certain elements within the Russian state view cybercriminals not just as opportunists, but as assets capable of conducting offensive cyber operations against geopolitical adversaries.
Benderskiy’s Other Ventures: Hunting and Charity Ties
Beyond his role in the cyber underworld, Benderskiy has maintained a public persona as the president of the Club of Mountain Hunters (KGO-Club) in Russia. An avid trophy hunter, he has appeared on multiple hunting websites and videos, further cementing his status as a well-connected figure within Russia’s elite circles. His biography on the KGO-Club’s website reveals that he also operated a security company and a charity under the Vympel name.
However, his charitable endeavors are far from innocent. Investigative journalists at Bellingcat reported in 2020 that Benderskiy had used the Vympel charity to assist the FSB in the assassination of Zelimkhan Khangoshvili, a former Chechen platoon commander, in a Berlin park in 2019. The assassination, which shocked the international community, underscored how deeply embedded Benderskiy remains in Kremlin-sanctioned operations, even outside of his formal ties to Russian intelligence.
The Global Crackdown on Evil Corp
The identification of Benderskiy and Ryzhenkov as key players in Evil Corp comes as part of a broader international crackdown on the group. This week, the U.S., U.K., and Australia all expanded their financial sanctions regimes to include numerous members of Evil Corp and LockBit affiliates. In addition to the seven individuals and two entities sanctioned by the U.S. Treasury, the British government added 15 individuals to its cyber sanctions list, while Australia sanctioned three.
“These actions underscore our collective commitment to safeguard against cybercriminals like ransomware actors, who seek to undermine our critical infrastructure and threaten our citizens,” said Bradley Smith from the U.S. Treasury. The hope is that these coordinated sanctions will disrupt Evil Corp’s ability to operate, although the group has proven resilient in adapting its tactics in the past.
Looking Ahead: The Threat Persists
While Benderskiy’s public identification is a significant win for law enforcement, the fight against cybercrime is far from over. Evil Corp remains a dangerous and sophisticated organization, and the group’s ability to evade Russian authorities means that it will likely continue to pose a threat to global businesses and governments alike. Moreover, the group’s deep ties to the Russian state raise serious concerns about the Kremlin’s role in facilitating, if not directly enabling, cybercriminal operations.
As more details emerge, the international community must remain vigilant in its efforts to disrupt these criminal networks. The exposure of individuals like Eduard Benderskiy demonstrates that cybercrime is not a purely criminal enterprise—it is often intertwined with state-sponsored activities that seek to undermine the global order. The challenge now is ensuring that these actors are held accountable, no matter how deeply entrenched they are within the corridors of power.
Sponsored • TRJ Ads
Inquiries: contact@therealistjuggernaut.com
