June 26, 2019

Goznym malware: cybercriminal network dismantled in international operation

An unprecedented, international law enforcement operation has dismantled a complex, globally operating and organised cybercrime network. The criminal network used GozNym malware in an attempt to steal an estimated $100 million from more than 41 000 victims, primarily businesses and their financial institutions.

A criminal Indictment returned by a federal grand jury in Pittsburgh, USA charges ten members of the GozNym criminal network with conspiracy to commit the following:

  • infecting victims’ computers with GozNym malware designed to capture victims’ online banking login credentials;
  • using the captured login credentials to fraudulently gain unauthorised access to victims’ online bank accounts;
  • stealing money from victims’ bank accounts and laundering those funds using U.S. and foreign beneficiary bank accounts controlled by the defendants.    

Over the course of the international operation, searches were conducted in Bulgaria, Georgia, Moldova and Ukraine. Criminal prosecutions have been initiated in Georgia, Moldova, Ukraine and the United States.

This operational success is a result of the international law enforcement cooperation between participating EU Member States (Bulgaria and Germany) as well as Georgia, Moldova, Ukraine and the United States (in alphabetical order). Europol, the European Agency for Law Enforcement Cooperation as well as Eurojust, the European Union’s Judicial Cooperation Unit supported the case. This operation showcases how an international effort to share evidence and initiate criminal prosecutions can lead to successful operations in multiple countries.

The GozNym network exemplified the concept of “cybercrime as a service,” with different criminal services such as bulletproof hosters, money mules networks, crypters, spammers, coders, organizers, and technical support.

The defendants advertised their specialised technical skills and services on underground, Russian-speaking online criminal forums.  The GozNym network was formed when these individuals were recruited from the online forums by the GozNym leader who controlled more than 41 000 victim computers infected with GozNym malware.

The leader of the GozNym criminal network, along with his technical assistant, are being prosecuted in Georgia by the Prosecutor’s Office of Georgia and the Ministry of Internal Affairs of Georgia.

More information at: https://www.europol.europa.eu/newsroom/news/goznym-malware-cybercriminal-network-dismantled-in-international-operation. 

Comments are closed.