$100 million GozNym cybercrime network dismantled as suspects charged

Graham CLULEY

May 16, 2019


Suspected members of the GozNym cybercrime network have been charged in relation to the organised and automated theft of tens of thousands of people’s sensitive personal and financial information.

The sophisticated conspiracy saw victims’ computers infected with the GozNym malware in order to steal online banking passwords, and funds stolen from compromised accounts and laundered to bank accounts around the world.

A US federal grand jury has charged ten men, and according to Europol other prosecutions have begun in Georgia, Moldova, and Ukraine.

The ten men charged by the United States district court in Pittsburgh are:

  • Alexander Konovolov (also known as “NoNe”, “none_1”)
  • Marat Kazandjian (also known as “phant0r11”)
  • Vladimir Gorin (also known as “Voland”, “mtv”, “fiddler”)
  • Gennady Kapkanov (also known as “Hennadiy Kapkanov”, “flux”, “ffhost”, “firestarter”, “User41”)
  • Eduard Malanici (also known as “JekaProf”, “procryptgroup”)
  • Konstantin Volchkov (also known as “elvi”)
  • Ruslan Vladimirovich Katirkin (also known as “Stratos”, “Xen”)
  • Viktor Vladimirovich Eremenko (also known as “nfcorpi”)
  • Farkhad Rauf Ogly Manokhin (also known as “frusa”)
  • Alexander Van Hoof (also known as “a1666”)

The group were allegedly part of the cybercrime gang from October 2015 to around December 2016, working with other conspirators to steal money primarily from businesses and their financial institutions through the GozNym malware.

GozNym itself was a hybrid of two previously-discovered strains of malware: Gozi and Nymaim.

The leader of the conspiracy, Alexander Konovolov from Georgia, is said to have admitted controlling a 41,000-strong botnet of compromised computers infected with the GozNym malware. He then recruited other cybercriminals from underground, Russian-speaking online criminal forums.

This effort demanded specialist skills from a network of co-conspirators which included malware developers, crypters (who encrypted malware in an attempt to avoid detection from anti-virus software), spammers (to distribute the malware through email attachments or malicious links, posing as legitimate business emails), bulletproof hosters (who provided the infrastructure to keep servers online and out of the sight of law enforcement and security researchers), cashers (who moved funds out of victims’ bank accounts), and others who provided access to bank accounts into which stolen money could be dropped.

At a live-streamed news conference at Europol’s headquarters in The Hague, representatives from the United States, Germany, Ukraine, Georgia, Moldova, and Bulgaria described in detail how the malware operation had attempted their $100 million hack.

“It was truly the scope of this organization that made this campaign so dangerous,” Scott W. Brady, US attorney for the Western District of Pennsylvania, told the press conference. “We identified over 41,000 victims, unsuspecting citizens of European and North American countries who thought they were clicking on a simple invoice as part of their business. Instead, they were giving hackers access to their most personal and sensitive information.”

Clearly the gang were not keen to see an end to their criminal endeavours.

Prosecutor Dmytro Storozhuk described how during a house search in Ukraine, one suspect resisted arrest and actually shot at law enforcement officers. Fortunately, nobody was hurt.

The arrests of the gang are a direct consequence of December 2016’s takedown of Avalanche, a network of infrastructure used as a delivery platform to launch and manage global malware attacks and money mule recruiting campaigns.
