Authorities from six European countries have taken down a major cybercriminal group in Ukraine suspected of developing, exploiting and distributing well-known banking Trojans Zeus and SpyEye, according to Europol.
Police arrested five suspects between June 18 and 19. The cybercriminals used malware to attack online banking systems in Europe and elsewhere, adapting their sophisticated banking Trojans over time to defeat security measures implemented by the banks, authorities say. Each cybercriminal had a specialty, and the group was involved in creating malware, infecting machines, harvesting bank credentials and laundering the money through so-called money mule networks.
In all, some 60 people are under arrest in this operation, including 34 captured as part of a ‘money mule’ ring run by Dutch law enforcement authorities. Several raids took place during the long-running investigation beside the Ukraine operation, including in Belgium, Estonia, Finland, Latvia and the Netherlands.
On the digital underground forums, the criminals actively traded stolen credentials, compromised bank account information and malware, while selling hacking ‘services’ and looking for partners in other cybercrimes. The criminal group worked on all continents, infecting tens of thousands of computers with banking Trojans, and subsequently targeting many major banks. The damage inflicted by the group is estimated at least EUR 2 million, prosecutors claim.
“In one of the most significant operations coordinated by the agency in recent years Europol worked with an international team of investigators to bring down a very destructive cybercriminal group,” said Rob Wainwright, director of Europol. “This case demonstrates that it is only possible to combat cybercrime in a successful and sustainable way if all actors-that means investigative judges and judicial authorities- coordinate and cooperate across the borders”.