A global network of cyber criminals accused of stealing $100 million from more than 41,000 victims around the world using Russian malware has been dismantled, according to US and European police sources.
The GozNym malware was designed to capture online banking login information, allowing the hackers to steal money mostly from businesses and financial institutions. The money was then laundered using bank accounts controlled by the network.
Authorities in Georgia, Ukraine, Moldova and the United States have opened judicial investigations, the European police cooperation agency Europol said at a press conference in The Hague on Thursday.
Five Russians wanted in connection with the investigations are on the run.
Described by law enforcement as a “highly specialized international criminal network,” GozNym recruited members on Russian-speaking underground forums. The participants sent phishing emails that appeared legitimate but contained malicious links and attachments that downloaded GozNym to the victims’ computers.
The victims of the crimes were mainly American companies and their financial institutions, including a law firm in Washington, DC; a church in Southlake, Texas; an association for people with disabilities; a casino in Gulfport, Mississippi; and a stud farm in Midway, Kentucky.
Among the five Russians still wanted is the creator of the malware, Vladimir Gorin, who “supervised its creation, its development, its management and its rent to other cybercriminals”, according to Europol.
The alleged leader of the network, Alexander Konovolov, 35, who used the pseudonym “None”, was arrested in Georgia.
A Bulgarian citizen, Krasimir Nikolov, was arrested and extradited to the United States in 2016 and has pleaded guilty, the Justice Department reported.
In Ukraine, police detained Gennady Kapkanov, 36, known as “firestarter”, suspected of managing an online network known as “Avalanche” that provided services to more than 200 cybercriminals.
Europol dismantled “Avalanche” in 2016, after the criminal network managed to infect half a million computers in 188 countries.
In a statement, Europol said: “The GozNym network exemplified the concept of ‘cybercrime as a service,’ with different criminal services such as bulletproof hosters, money mules networks, crypters, spammers, coders, organizers, and technical support.”
“This operation showcases how an international effort to share evidence and initiate criminal prosecutions can lead to successful operations in multiple countries,” Europol said.