Feds take down cybercrime group that stole $100M

An international cybercrime network that used malware to steal an estimated $100 million from victims in the United States and Europe has been dismantled by the cooperation of the U.S. and multiple European countries, the Justice Department announced Thursday.

A federal grand jury in Pennsylvania formally indicted 10 members of the GozNym cybercrime network for conspiracy to infect victims’ computers with GozNym malware. This malware captured online banking credentials, which the group used to steal money from victims’ bank accounts. The Justice Department estimated the malware infected “tens of thousands” of computers worldwide. 

{mosads}The case involved what the Justice Department described as “unprecedented initiation of criminal prosecutions” against the defendants involved in the case, who live in Russia, Georgia, Ukraine, Moldova and Bulgaria. The U.S. government cooperated with Georgia, Ukraine, Moldova, Germany, Bulgaria, Europol and Eurojust to bring charges.

Five of the defendants named in the indictment are Russian nationals who “remain fugitives from justice,” according to the Justice Department. However, those that live in the countries other than Russia are being prosecuted in their respective countries.  

“This takedown highlights the importance of collaborating with our international law enforcement partners against this evolution of organized cybercrime,” FBI Pittsburgh Special Agent in Charge Robert Jones said in a statement. “Successful investigation and prosecution is only possible by sharing intelligence, credit and responsibility. Our adversaries know that we are weakest along the seams and this case is a fantastic example of what we can accomplish collectively.”

According to the indictment, the case was an example of “cybercrime as a service,” as the defendants advertised their program on Russian-language criminal forums, from which some of the members of the group were also recruited. Europol described the group as a “highly specialized and international criminal network.”

Among the victims of the GozNym malware attack were a law firm in Washington, D.C., a church in Texas, a provider of electrical safety devices in Rhode Island, and a distributer of medical devices in Germany that has a U.S. subsidiary provider in Florida.