Global malware gang busted
US and European law enforcement agencies say they have dismantled a global cybercrime network, which has used malware to steal banking login details in an attempt to steal from thousands of businesses.
A federal jury in Pittsburgh charged 10 members of the syndicate, and other prosecutions have begun in Georgia (pictured), Moldova and Ukraine.
The European Union’s law enforcement agency, Europol, said five Russians charged in the indictment were on the run, including the malware developer.
The action against the syndicate began in November 2016 with a German-led operation in Ukraine that dismantled the network’s servers and other infrastructure.
Prosecutions in Georgia have focussed on the network’s leader, who has not been identified.
Europol said the members were also spread across Moldova, Bulgaria, Ukraine and Russia, sending spear-phishing emails to infect computers with the GozNym malware, designed to capture login details.
“The GozNym network exemplified the concept of ‘cybercrime as a service’… money mules networks, crypters, spammers, coders, organisers and technical support,” Europol added.
The gang stole money from the bank accounts and laundered the funds.
“It was truly the scope of this organisation that made this campaign so dangerous,” Scott Brady, an attorney in Pennsylvania, told the media at Europol’s headquarters in The Hague.
In 2016 officials brought down the Avalanche network which provided online hosting services to some of the largest malware campaigns, including GozNym.
More than 41,000 victims “thought they were clicking on a simple invoice as part of their business”, Brady said. “Instead, they were giving hackers access to their most personal and sensitive information.”
Underground, Russian-language online forums recruited specialists who controlled computers infected with the GozNym malware.
The case highlighted how common the selling of underhand cyber-skills had become, said Professor Alan Woodward from the University of Surrey.
“The developers of this malware advertised their ‘product’ so that other criminals could use their service to conduct banking fraud.
“What is known as ‘crime as a service’ has been a growing feature in recent years, allowing organised crime gangs to switch from their traditional haunts of drugs to much more lucrative cyber-crime.”
In a Ukrainian house search a suspect resisted arrest by opening fire on officers, Ukraine’s prosecutor Dmytro Storozhuk said, adding that no one was injured.
The mastermind apparently comes from Georgia. Picture credit: IHA