GozNym Cybercrime Gang Dismantled in Global Operation

A criminal gang that used GozNym malware to try and steal an estimated $100m from more than 41,000 victims, have been dismantled.

The “unprecedented, international law enforcement operation” went after the gang after it began targeting mostly businesses and their financial institutions around the world.

Ten members of the GozNym criminal network have been charged by a federal grand jury in Pittsburgh, with conspiracy.

Malware driven

According to Europol, the gang members are facing conspiracy charges because they infected victims’ computers with GozNym malware, designed to capture victims’ online banking login credentials.

The gang members then used the captured login credentials to fraudulently gain unauthorised access to victims’ online bank accounts. They then stole money from victims’ bank accounts and laundered those funds using US and foreign beneficiary bank accounts controlled by the defendants.

The international investigation was huge, with law enforcement in Bulgaria and Germany as well as Georgia, Moldova, Ukraine and the United States involved.

Europol also supported the case.

Searches were conducted in Bulgaria, Georgia, Moldova and Ukraine. And criminal prosecutions have been initiated in Georgia, Moldova, Ukraine and the United States.

According to Europol, the GozNym network exemplified the concept of “cybercrime as a service,” with different criminal services such as bulletproof hosters, money mules networks, crypters, spammers, coders, organisers, and technical support, all working together.

Apparently the defendants advertised their specialised technical skills and services on underground, Russian-speaking online criminal forums.

The leader of the GozNym criminal network, along with his technical assistant, are being prosecuted in Georgia.

A gang member who encrypted GozNym malware to enable it to avoid detection by anti-virus tools and protective software on victims’ computers is being prosecuted in Moldova.

Another member from Bulgaria was already arrested by the Bulgarian authorities and extradited to the United States. His primary role in the conspiracy was that of a “casher” or “account takeover specialist” who used victims’ stolen online banking credentials captured by GozNym malware to access victims’ online bank accounts and attempt to steal victims’ money.

Other defendants, said to be mostly Russian, had other roles, but Europol did reveal that five Russian nationals charged in the indictment remain on the run.

And ‘bulletproof hosting services’ were provided by Avalanche Network, and a person is being prosecuted in Ukraine for his role.

Two years ago Europol warned there were more than 5,000 criminal gangs operating within Europe, and almost all of them are utilising some form of technology.

This, according to Europol, is perhaps the greatest challenge now facing law enforcement authorities around the world.

Do you know all about security? Try our quiz!

Tom Jowitt

Tom Jowitt is a leading British tech freelancer and long standing contributor to Silicon UK. He is also a bit of a Lord of the Rings nut...

Recent Posts

Gloucester City Council Confirms ‘Cyber Incident’

Council IT services hit by so called 'sleeper' malware, with media reports pointing the finger…

16 hours ago

Gigabyte Broadband Pledge At Risk, Warns Spending Watchdog

UK pledge to close the digital divide of broadband services for urban and rural customers…

18 hours ago

UK To Address Marketing Of High Risk Crypto Investments

British financial watchdog says it will curb the marketing of cryptoassets and other high-risk investments,…

20 hours ago

Tesla Driver Charged With Manslaughter After Autopilot Crash

Criminal charges for the first time in fatal crash involving Tesla's Autopilot, as driver is…

22 hours ago

Airport 5G Towers Switched Off In Temporary Aviation Compromise

AT&T and Verizon agree to temporarily switch off 5G towers near certain airports, as operators…

23 hours ago