The State Department and FBI announced a reward of up to $5 million for information leading to the arrest of Yakubets, the largest U.S. reward for a cyber-criminal.

The Treasury Department also announced sanctions against Moscow-based Evil Corp, the Russian cybercriminal organization responsible for developing and distributing the malware, dubbed Bugat, deployed globally by Yakubets. The department said it was working to shut down the group and sweep up the illicit “money mule” network used to transfer its stolen funds, sanctioning numerous other Evil Corp leaders and facilitators.

The department also revealed Yakubets was being sanctioned for his connections to Russian intelligence. Authorities said he worked for Russia’s Federal Security Service, the successor agency to the KGB, as recently as 2017, carrying out cyber operations for the Kremlin.

“Maksim Yakubets allegedly has engaged in a decade-long cybercrime spree that deployed two of the most damaging pieces of financial malware ever used and resulted in tens of millions of dollars of losses to victims worldwide,” said Assistant Attorney General Brian Benczkowski. “These two cases demonstrate our commitment to unmasking the perpetrators behind the world’s most egregious cyberattacks.”

DOJ also announced charges against another Russian national, Igor Turashev, 38, for his role in the malware scheme.

Both men remain at large.

A 24-page criminal complaint details 10 charges against Yakubets and Turashev, including conspiracy, computer hacking, wire fraud, and bank fraud. It shows how the duo used sophisticated malware and other cyberattacks to steal millions of dollars, some of it as recently as March. A separate 32-page fraud indictment recounts how, beginning in May 2009, Yakubets and at least six other Russian and Ukrainian co-conspirators used “Zeus” malware to successfully steal more than $70 million from bank accounts in at least a dozen states.