The group of criminal hackers who stole 100 million US dollars from GozNym malware has been dismantled by Europol and the United States Department of Justice, the organizations said Thursday.
About ten people are involved in this case, but only five of them have been arrested so far. The other five people, all Russian nationals, are wanted by the Federal Bureau of Investigation (FBI).
The suspects are accused of conspiring to infect computers with GozNym malware in order to unduly obtain the bank details of their victims and then steal money from them. The 10 individuals also face money laundering charges.
An eleventh person has already been arrested and extradited to the United States in 2016. She pleaded guilty in April to the charges against her.
An international criminal organization
The network structure behind GozNym was complex and took advantage of each member’s specialties, all carefully recruited by the group’s Georgian leader.
The defendants allegedly offered their services and specialized technical expertise online, on marginal Russian forums, according to Europol. This is where the leader of the organization and his assistant recruited them to start their operation.
Specialists in cryptography, spam, hosting, bank fraud and money laundering were recruited by the group.
A sophisticated attack
With the help of these experts, GozNym spread through phishing attacks: emails designed to look like legitimate messages but containing a trapped link or attachment. When victims clicked on the link, they were redirected to a site that was installing malicious software on their device. The malware was encrypted to go unnoticed by anti-virus systems. The police said they counted more than 41,000 victims.
Once infected, these devices transmitted information to the criminal group through a “bulletproof” hosting service, a service that gave little importance to the activities of its clients. Bulletproof accommodation is known to be used by criminals, and the one used by the group behind GozNym, the Avalanche Network, also served more than 200 criminals.
Once the GozNym organization took control of the bank information of its victims, group specialists seized the account and initiated wire transfers. Finally, money laundering criminals transferred funds into or out of accounts before redistributing them to the network.
Europol and the US Department of Justice were assisted by Bulgarian, German, Georgian, Moldovan and Ukrainian police forces in their investigation.
“This operation demonstrates how an international effort to share evidence and initiate criminal prosecution can lead to successful operations in multiple countries,” Europol said in a statement.