$100 million GozNym cybercrime network dismantled as suspects charged

Graham CLULEY

May 16, 2019

Suspected members of the GozNym cybercrime network have been charged in relation to the organised and automated theft of tens of thousands of people’s sensitive personal and financial information.

The sophisticated conspiracy saw victims’ computers infected with the GozNym malware in order to steal online banking passwords, and funds stolen from compromised accounts and laundered to bank accounts around the world.

A US federal grand jury has charged ten men, and according to Europol other prosecutions have begun in Georgia, Moldova, and Ukraine.

The ten men charged by the United States district court in Pittsburgh are:

  • Alexander Konovolov (also known as “NoNe”, “none_1”)
  • Marat Kazandjian (also known as “phant0r11”)
  • Vladimir Gorin (also known as “Voland”, “mtv”, “fiddler”)
  • Gennady Kapkanov (also known as “Hennadiy Kapkanov”, “flux”, “ffhost”, “firestarter”, “User41”)
  • Eduard Malanici (also known as “JekaProf”, “procryptgroup”)
  • Konstantin Volchkov (also known as “elvi”)
  • Ruslan Vladimirovich Katirkin (also known as “Stratos”, “Xen”)
  • Viktor Vladimirovich Eremenko (also known as “nfcorpi”)
  • Farkhad Rauf Ogly Manokhin (also known as “frusa”)
  • Alexander Van Hoof (also known as “a1666”)

The group were allegedly part of the cybercrime gang from October 2015 to around December 2016, working with other conspirators to steal money primarily from businesses and their financial institutions through the GozNym malware.

GozNym itself was a hybrid of two previously discovered strains of malware: Gozi and Nymaim.

The leader of the conspiracy, Alexander Konovolov from Georgia, is said to have admitted controlling a 41,000-strong botnet of compromised computers infected with the GozNym malware. He then recruited other cybercriminals from underground, Russian-speaking online criminal forums.

This effort demanded specialist skills from a network of co-conspirators which included malware developers, crypters (who encrypted malware in an attempt to avoid detection from anti-virus software), spammers (to distribute the malware through email attachments or malicious links, posing as legitimate business emails), bulletproof hosters (who provided the infrastructure to keep servers online and out of the sight of law enforcement and security researchers), cashers (who moved funds out of victims’ bank accounts), and others who provided access to bank accounts into which stolen money could be dropped.

At a live-streamed news conference at Europol’s headquarters in The Hague, representatives from the United States, Germany, Ukraine, Georgia, Moldova, and Bulgaria described in detail how the malware operation had attempted to steal an estimated $100 million from its victims.

“It was truly the scope of this organization that made this campaign so dangerous,” Scott W. Brady, US attorney for the Western District of Pennsylvania, told the press conference. “We identified over 41,000 victims, unsuspecting citizens of European and North American countries who thought they were clicking on a simple invoice as part of their business. Instead, they were giving hackers access to their most personal and sensitive information.”

Clearly the gang were not keen to see an end to their criminal endeavours.

Prosecutor Dmytro Storozhuk described how during a house search in Ukraine, one suspect resisted arrest and actually shot at law enforcement officers. Fortunately, nobody was hurt.

The arrests of the gang are a direct consequence of December 2016’s takedown of Avalanche, a network of infrastructure used as a delivery platform to launch and manage global malware attacks and money mule recruiting campaigns.
