GozNym Cybercrime Gang Dismantled in Global Operation

A criminal gang that used GozNym malware to try and steal an estimated $100m from more than 41,000 victims, have been dismantled.

The “unprecedented, international law enforcement operation” went after the gang after it began targeting mostly businesses and their financial institutions around the world.

Ten members of the GozNym criminal network have been charged by a federal grand jury in Pittsburgh, with conspiracy.

Malware driven

According to Europol, the gang members are facing conspiracy charges because they infected victims’ computers with GozNym malware, designed to capture victims’ online banking login credentials.

The gang members then used the captured login credentials to fraudulently gain unauthorised access to victims’ online bank accounts. They then stole money from victims’ bank accounts and laundered those funds using US and foreign beneficiary bank accounts controlled by the defendants.

The international investigation was huge, with law enforcement in Bulgaria and Germany as well as Georgia, Moldova, Ukraine and the United States involved.

Europol also supported the case.

Searches were conducted in Bulgaria, Georgia, Moldova and Ukraine. And criminal prosecutions have been initiated in Georgia, Moldova, Ukraine and the United States.

According to Europol, the GozNym network exemplified the concept of “cybercrime as a service,” with different criminal services such as bulletproof hosters, money mules networks, crypters, spammers, coders, organisers, and technical support, all working together.

Apparently the defendants advertised their specialised technical skills and services on underground, Russian-speaking online criminal forums.

The leader of the GozNym criminal network, along with his technical assistant, are being prosecuted in Georgia.

A gang member who encrypted GozNym malware to enable it to avoid detection by anti-virus tools and protective software on victims’ computers is being prosecuted in Moldova.

Another member from Bulgaria was already arrested by the Bulgarian authorities and extradited to the United States. His primary role in the conspiracy was that of a “casher” or “account takeover specialist” who used victims’ stolen online banking credentials captured by GozNym malware to access victims’ online bank accounts and attempt to steal victims’ money.

Other defendants, said to be mostly Russian, had other roles, but Europol did reveal that five Russian nationals charged in the indictment remain on the run.

And ‘bulletproof hosting services’ were provided by Avalanche Network, and a person is being prosecuted in Ukraine for his role.

Two years ago Europol warned there were more than 5,000 criminal gangs operating within Europe, and almost all of them are utilising some form of technology.

This, according to Europol, is perhaps the greatest challenge now facing law enforcement authorities around the world.

Do you know all about security? Try our quiz!