Russia’s ‘Evil Corp’ hackers unmasked by sweeping sanctions

A tight-knit family of hackers and intelligence operatives were the backbone of the cybercrime syndicate.

Once termed the ‘most significant’ cybercrime threat in the world, Evil Corp has been linked to spying on Nato allies for Russia. (Unsplash pic)
SYDNEY: A tight-knit family of hackers and intelligence operatives was the driving force behind Russia’s “Evil Corp” cybercrime syndicate, sanctions levelled by London, Washington and Canberra have revealed.

Once considered the “most significant cybercrime threat in the world”, Evil Corp has been credited with spying on Nato allies at the behest of Russia’s intelligence services.

It also used phishing scams to pilfer more than US$100 million from a string of companies across dozens of countries, according to a 2019 US indictment.

Financial sanctions rolled out by the UK, the US and Australia jointly target Evil Corp figures such as Maksim Yakubets, the baby-faced leader of the hacking group.

But they also shed light on the tight-knit nature of the group’s operations, detailing a family tree that included Yakubets’ brother, cousins and father.

US Treasury sanctions released Tuesday named Eduard Benderskiy – a former Spetsnaz officer and Yakubets’ father-in-law – who was suspected of orchestrating “Evil Corp’s relationship with the Russian state”.

“Today’s sanctions send a clear message to the Kremlin that we will not tolerate Russian cyberattacks – whether from the state itself or from its cyber-criminal ecosystem,” UK foreign secretary David Lammy said.

Australian foreign minister Penny Wong added: “We are using all elements of our national power to make Australia more secure and to keep Australians safe.”

All three nations levelled sanctions against Aleksandr Ryzhenkov, a previously unknown hacker who the UK’s National Crime Agency linked to the prolific LockBit ransomware group.

LockBit was one of the major developers of malicious software that allows criminals to lock victims out of their networks, steal their data and demand a ransom for its return.
