U.S., EU Officials Stop $100 Million Cyberattack
Global crime ring developed malware to steal banking login details, then initiate wire transfers from thousands of businesses.
U.S. and European law enforcement officials said on Thursday that they had dismantled a global organized cybercrime network, which used malware to steal banking login details in an attempt to pocket about $100 million from thousands of businesses.
A federal grand jury in Pittsburgh charged 10 members of the network, and other criminal prosecutions have begun in Georgia, Moldova, and the Ukraine, the European Union’s (EU’s) agency for law enforcement cooperation Europol said in a statement. Five Russian nationals charged in the indictment are on the run, the agency said, including the developer of the malware.
In what Europol called a “highly specialized and international criminal network,” the members—spread across Georgia, Moldova, Bulgaria, Ukraine, and Russia—sent spear-phishing emails to infect computers with malware, dubbed GozNym, designed to capture login details. That allowed the members to steal money from the bank accounts and launder the funds using U.S. and foreign bank accounts.
The network formed after members each advertised their technical skills and services on underground, Russian-speaking online forums and were then recruited by the group’s leader, who controlled more than 41,000 computers infected with the GozNym malware. The accomplices used encryption techniques so the malware could avoid detection by antivirus tools and protective software, Europol said.
Once infected, money was then wired to other accounts or withdrawn from ATMs in order to be distributed to members of the network.
Officials from Bulgaria, Germany, Georgia, Moldova, Ukraine, and the United States shared evidence to track down the alleged criminals and were supported by Europol and Eurojust, the EU’s judicial cooperation unit.
Copyright 2019 Bloomberg. All rights reserved. This material may not be published, broadcast, rewritten, or redistributed.