US and European police said Thursday they have smashed a huge international cybercrime network that used Russian malware to steal $100 million (89 million euros) from tens of thousands of victims worldwide. Prosecutions have been launched in Georgia, Moldova, Ukraine and the United States over the scam, while five Russians charged in the US remain on the run, the EU police agency Europol said.
The "organised crime network behind $100 million in malware attacks" targeted "more than 41,000 victims, primarily businesses and their financial institutions," Europol said. Police in Germany and Bulgaria were also involved.
The cyber gang used GozNym malware to infect victims' computers, steal their online banking login details and then siphon money from their accounts. The stolen money was then laundered in US and other accounts. Scott Brady, the US Attorney General for the western district of Pennsylvania where the US indictment was unsealed, said the operation was an "unprecedented" international effort.
"Unsuspecting European and American victims thought they were clicking on a simple invoice, but were instead giving hackers access to their most sensitive information," Brady added. The alleged leader of the GozNym criminal network, Alexander Konovolov, 35, of Tbilisi, who goes by the online name "NoNe", was arrested in the former Soviet state of Georgia, the US Department of Justice said.
His alleged technical assistant Marat Kazandjian, 31, aka "phant0m", was also arrested in Georgia. Konovolov recruited hackers who advertised their services on "Russian-speaking online criminal forums", and eventually controlled the malware-infected computers of more than 41,000 victims, Europol said. The five Russians charged in the US included the alleged developer of the malware, identified as Vladimir Gorin, but they cannot be extradited because Russia does not send suspects abroad.
Gorin "oversaw its creation, development, management and leasing to other cyber criminals" including the Georgian alleged leader of the group, Europol said. One of the Russians, Viktor Eremenko, was arrested in Sri Lanka at the request of US authorities in 2017 but "through the intervention of the Russian government" was freed on bail, after which he fled to Russia. Bulgarian Krasimir Nikolov was arrested and extradited to the United States in 2016 and has already pleaded guilty to the charges in the indictment, the DOJ said.
Ukrainian police meanwhile arrested Gennady Kapkanov, 36, also known as "firestarter", on suspicion of hosting a so-called "Avalanche" network that provided services to more than 200 cybercriminals including the Georgians. He allegedly fired an assault rifle through the door of his apartment at police, the DOJ said.
Europol announced the smashing of the Avalanche network in a major operation in 2016, saying that it had infected half a million computers in 188 countries. The latest operation was a follow-up to that one, Europol said.