Police in six countries have dismantled a cybercrime ring based in Eastern Europe that stole $100 million from thousands of victims worldwide. The GozNym malware was delivered via email to unsuspecting users.
A complex cybercrime network that operated from Eastern Europe and fleeced victims — including small businesses and charities — of some $100 million has been "dismantled" by police from the US, Georgia, Ukraine, Germany, Bulgaria and Moldova. European law enforcement agency Europol announced the operation's success on Thursday.
The GozNym network, led by a man from Tbilisi, Georgia, used "phishing" emails to infect computers of more than 41,000 victims with malware. The emails were designed to appear legitimate to entice the victim recipients into opening them and clicking on a malicious link or attachment that facilitated the downloading of GozNym onto the victims' computers.
Then specialized members of the group in Bulgaria and Ukraine seized control of victims' online bank accounts and transferred their funds to laundering accounts.
Ten of the network's members have been charged with conspiracy to steal online banking credentials and deposits under a US grand jury indictment.
"The victims included [small] businesses, law firms, international corporations... nonprofit organizations that worked with disabled children," US Attorney Scott Brady told a news conference in The Hague.
Brady said the collaboration between law enforcement officials that was required to dismantle the crime group would prove a "blueprint" for future operations.
The alleged leader of the GozNym criminal network, Alexander Konovolov, 35, of Tbilisi, who used the online name "NoNe," was arrested in Georgia, the US Department of Justice said. His alleged technical assistant Marat Kazandjian, 31, aka "phant0m," was also arrested in Georgia.
GozNym also featured assorted spammers, money launderers and "mules" (money carriers).
The defendants allegedly advertised their specialized technical skills and services on underground, Russian-speaking online forums.
The police operation against the group began in 2016 with a German-led action in Ukraine that shut down the network's servers.
Its alleged leader is being prosecuted in Georgia. Other prosecutions are underway in Moldova, Ukraine and the US.
Five Russians, including the developer of the malware, identified as Vladimir Gorin, were charged in the US. However, they cannot be extradited because Russia does not send suspects abroad.
One of the Russians, Viktor Eremenko, was arrested in Sri Lanka at the request of US authorities in 2017 but "through the intervention of the Russian government" was freed on bail, after which he fled to Russia.
The Russians charged in the US indictment remain at large, according to Europol.
av/msh (Reuters, AFP)