1. Skip to content
  2. Skip to main menu
  3. Skip to more DW sites

Police uncover international cybercrime ring

May 16, 2019

Police in six countries have dismantled a cybercrime ring based in Eastern Europe that stole $100 million from thousands of victims worldwide. The GozNym malware was delivered via email to unsuspecting users.

Europol press conference in The Hague about cybercrime
Image: Reuters/E. Plevier

A complex cybercrime network that operated from Eastern Europe and fleeced victims — including small businesses and charities — of some $100 million has been "dismantled" by police from the US, Georgia, Ukraine, Germany, Bulgaria and Moldova. European law enforcement agency Europol announced the operation's success on Thursday. 

The GozNym network, led by a man from Tbilisi, Georgia, used "phishing" emails to infect computers of more than 41,000 victims with malware. The emails were designed to appear legitimate to entice the victim recipients into opening them and clicking on a malicious link or attachment that facilitated the downloading of GozNym onto the victims' computers. 

Then specialized members of the group in Bulgaria and Ukraine seized control of victims' online bank accounts and transferred their funds to laundering accounts.

Illustration - Computer screen with the word password
Victims included small businesses as well as charities for disabled childrenImage: Reuters/P. Kopczynksi

Ten of the network's members have been charged with conspiracy to steal online banking credentials and deposits under a US grand jury indictment.

"The victims included [small] businesses, law firms, international corporations... nonprofit organizations that worked with disabled children," US Attorney Scott Brady told a news conference in The Hague.

Brady said the collaboration between law enforcement officials that was required to dismantle the crime group would prove a "blueprint" for future operations.

Ringleader arrested

The alleged leader of the GozNym criminal network, Alexander Konovolov, 35, of Tbilisi, who used the online name "NoNe," was arrested in Georgia, the US Department of Justice said. His alleged technical assistant Marat Kazandjian, 31, aka "phant0m," was also arrested in Georgia.

GozNym also featured assorted spammers, money launderers and "mules" (money carriers).

The defendants allegedly advertised their specialized technical skills and services on underground, Russian-speaking online forums.

The police operation against the group began in 2016 with a German-led action in Ukraine that shut down the network's servers.

Its alleged leader is being prosecuted in Georgia. Other prosecutions are underway in Moldova, Ukraine and the US.

Five Russians, including the developer of the malware, identified as Vladimir Gorin, were charged in the US. However, they cannot be extradited because Russia does not send suspects abroad. 

Black hand with a Russian flag on it over computer code
Russian suspects on the runImage: picture-alliance/Bildagentur-online/Ohde

One of the Russians, Viktor Eremenko, was arrested in Sri Lanka at the request of US authorities in 2017 but "through the intervention of the Russian government" was freed on bail, after which he fled to Russia.

The Russians charged in the US indictment remain at large, according to Europol.

av/msh (Reuters, AFP)

Each evening at 1830 UTC, DW's editors send out a selection of the day's hard news and quality feature journalism. You can sign up to receive it directly here.

Skip next section Explore more
Skip next section DW's Top Story

DW's Top Story

Refugees wait after crossing the border and arriving at a registration centre of the Armenian foreign affairs ministry, near the border town of Kornidzor, on September 25
Skip next section More stories from DW
Go to homepage