Cyber Threat Actor: Evaldas Rimasauskas
| Actor Type | Location | Known Incidents |
Criminal
|
Lithuania
|
2 incidents |
|---|
Profile
Evaldas Rimasauskasis a Lithuanian individual who has been identified as the perpetrator of a large‑scale fraud scheme targeting major technology companies. He operated under his real name and was charged by U.S. authorities for impersonating an Asia‑based manufacturer to deceive employees of Facebook and Google. Public records indicate he was active from at least 2013 until 2015, during which he orchestrated a series of deceptive communications that resulted in the transfer of more than one hundred million dollars to accounts under his control. His actions led to arrests and legal proceedings in the United States, and he is known solely as an independent actor with no publicly linked affiliations to state entities or criminal organizations.
The actor’s primary targets were U.S.-based internet firms operating in the technology sector, specifically those that regularly engaged in high‑value vendor transactions with Asian suppliers. His strategic objective was financial gain, achieved by convincing victim companies to remit funds for fictitious goods and services. The tactics described in open sources involve phishing emails that spoofed the appearance of legitimate correspondence from the purported Asian manufacturer, coupled with the creation and distribution of forged invoices, contracts and letters that falsely bore the signatures of company executives. These messages relied on social engineering techniques such as CEO fraud, where the requestor posed as a senior official to create urgency and bypass verification procedures. No malware families or custom tooling are referenced in the available material; the threat actor’s tooling consisted mainly of email spoofing, document forgery and persuasive language designed to manipulate internal payment processes.
The most notable publicly reported operation attributed to Rimasauskas is the multi‑year scheme that defrauded Facebook and Google of over $100 million, a case highlighted by both the Department of Justice and major news outlets. This campaign exemplifies his use of deceptive email domains and fabricated financial documents to exploit standard vendor‑management workflows. While the scam resulted in significant financial loss, the victim companies reported that they recovered the majority of the funds and cooperated with law enforcement, which contributed to his arrest and subsequent charges. No additional campaigns or broader criminal consortium ties have been documented in the sources provided.
