$100m cyber-crime gang busted by US and European police
Prosecutions have been launched in Georgia, Moldova, Ukraine and the US over the malware scam, while five Russians remain on the run
The Hague — US and European police said on Thursday that they have smashed a huge international cyber-crime network that used Russian malware to steal $100m (€89m) from tens of thousands of victims worldwide.
Prosecutions have been launched in Georgia, Moldova, Ukraine and the US over the scam, while five Russians charged in the US remain on the run, the EU police agency Europol said.
The “organised crime network behind $100m in malware attacks” targeted “more than 41,000 victims, primarily businesses and their financial institutions”, Europol said.
Police in Germany and Bulgaria are also involved.
The cyber-gang used GozNym malware to infect victims’ computers, steal their online banking login details, then siphon money from their accounts. The stolen money was then laundered in US and other accounts.
Scott Brady, the US attorney-general for the western district of Pennsylvania where the US indictment was unsealed, said the operation was an “unprecedented” international effort.
“Unsuspecting European and American victims thought they were clicking on a simple invoice, but were instead giving hackers access to their most sensitive information,” Brady added.
The alleged leader of the GozNym criminal network, Alexander Konovolov of Tbilisi, who goes by the online name NoNe, was arrested in the former Soviet state of Georgia, the US department of justice said. His alleged technical assistant Marat Kazandjian, aka phant0m, was also arrested in Georgia.
‘Fled to Russia’
Konovolov recruited hackers who advertised their services on “Russian-speaking online criminal forums”, and eventually controlled the malware-infected computers of more than 41,000 victims, Europol said.
The five Russians charged in the US include the alleged developer of the malware, identified as Vladimir Gorin, but they cannot be extradited because Russia does not send suspects abroad. Gorin “oversaw its creation, development, management and leasing to other cyber-criminals”, including the Georgian alleged leader of the group, Europol said.
One of the Russians, Viktor Eremenko, was arrested in Sri Lanka at the request of US authorities in 2017 but “through the intervention of the Russian government” was freed on bail, after which he fled to Russia.
Bulgarian Krasimir Nikolov was arrested and extradited to the US in 2016 and has already pleaded guilty to the charges in the indictment, the department of justice said.
Ukrainian police, meanwhile, arrested Gennady Kapkanov, also known as firestarter, on suspicion of hosting a so-called “Avalanche” network that provided services to more than 200 cyber-criminals including the Georgians.
He allegedly fired an assault rifle through the door of his apartment at police, the department of justice said.
Europol announced the smashing of the Avalanche network in a major operation in 2016, saying that it had infected half a million computers in 188 countries. The latest operation was a follow-up from that, Europol said.