A major cybercriminal group ended up taken down and five suspects arrested during a coordinated investigation in Ukraine.
The action resulted in the arrest of five suspects, eight house searches in four different cities, and the seizure of computer equipment and other devices for forensic testing.
The aim of this joint investigation team (JIT) was to target cybercriminals and their accomplices suspected of developing, exploiting and distributing Zeus and SpyEye malware, as well as channeling and cashing-out the proceeds of their crimes.
The suspects used malware to attack online banking systems in Europe and beyond, adapting their sophisticated banking Trojans over time to defeat the security measures implemented by the banks, law enforcement officials said. Each cybercriminal had their specialty and the group was involved in creating malware, infecting machines, harvesting bank credentials and laundering the money through money mule networks.
On the digital underground forums, they actively traded stolen credentials, compromised bank account information and malware, while selling their hacking services and looking for new cooperation partners in other cybercriminal activities, law enforcement officials said.
This was a very active criminal group that worked in countries across all continents, infecting tens of thousands of users’ computers with banking Trojans, and subsequently targeted major banks, law enforcement officials said. The cost from the group is at least $2.23 million (€2 million).
“In one of the most significant operations coordinated by the agency in recent years Europol worked with an international team of investigators to bring down a very destructive cybercriminal group,” said Rob Wainwright, Director of Europol. “With our international partners, we are committed to fighting the threats brought about by malware and other forms of cybercrime, to realize safer technology infrastructures and online financial transactions for businesses and people the world over.”
“This case demonstrates that it is only possible to combat cybercrime in a successful and sustainable way if all actors — that means investigative judges and judicial authorities — coordinate and cooperate across the borders,’’ said Ingrid Maschl-Clausen, National Member of Austria to Eurojust.
The recent action was part of the wider investigation that was launched in 2013 by the JIT members (Austria, Belgium, Finland, the Netherlands, Norway and the United Kingdom), and facilitated by Europol and Eurojust. This latest arrest brings the total number of arrests in this operation to 60.
Europol has provided support to the investigation since 2013 including handling and analysis of terabytes of data, and thousands of files in the Europol Malware Analysis System; handling of thousands sensitive operational messages; production of intelligence analysis reports; forensic examination of devices; organization of operational meetings and bi-monthly international conference calls.
The enormous amount of data collected and processed during the investigation will now end up used to trace the cybercriminals still at large.