Banking Cybercriminal Gang Dismantled by Europol

Key members of the notorious gang behind the development and distribution of the ZeuS and SpyEye malware have been arrested due to the joint efforts of key law enforcement agencies across Europe.

A major Ukrainian cybercriminal gang was taken down by the Joint Investigation Team (JIT), Europol recently announced. The cybercrime sting was put together with the help of law enforcement agencies from Estonia, Latvia, Germany, Poland, Ukraine, the UK and the US.

“In one of the most significant operations coordinated by the agency in recent years, Europol worked with an international team of investigators to bring down a very destructive cybercriminal group,” confirmed Europol director, Rob Wainwright.

The malware’s trail of damages

A total of 60 arrests have been made, comprising 26 key ‘high level’ figures in the gang and 34 lower-level money mules, according to Europol. The cybercriminal gang was notorious for reasons including:

  • Damaging tens of thousands of PCs in the banking industry, including those of major global banks.
  • Causing damages through malware-related cybercrime estimated at over $3 million. These are entirely conservative numbers, with actual damages likely to be far higher.
  • Targeting ATMs and trading stolen bank credentials on underground forums online.

Wainwright also added to the statement, saying: “With our international partners, we are committed to fighting the threats brought about by malware and other forms of cybercrime, to realize safer technology infrastructures and online financial transactions for businesses and people the world over.”

A multi-national sting operation

Aleksandr Andreevich Panin, the creator of SpyEye, was arrested by the FBI while he was taking a holiday in the Dominican Republic, but it’s important to note that the programmers behind the creation of malware aren’t always the ones who wield it. After his arrest, it was down to Europol and other investigating and judicial authorities to find and take down the core members of the cybercriminal gang.

A joint operation was carried out between Eurojust and Europol to bring down suspects accused of distributing SpyEye and ZeuS. These are two widely known families of banking Trojans used in phishing scams and botnets all around the world.

“The cybercriminals used malware to attack online banking systems in Europe and beyond, adapting their sophisticated banking Trojans over time to defeat the security measures implemented by the banks. Each cybercriminal had their specialty and the group was involved in creating malware, infecting machines, harvesting bank credentials and laundering the money through so-called money mule networks,” Europol confirmed.

Ukraine, so often a hotbed of cybercrime and a safe base for cybercriminal gangs, is experiencing a change. With a new government, there has been a concentrated drive among authorities to clean up the country’s image by getting rid of its notoriety as a crime hub.

Europol has also recovered terabytes of information and data from the investigation. The data will be used to track down and round up the remaining ZeuS and SpyEye cybercriminals.