The downfall of a major cybercrime ring exploiting banking Trojans

“A joint investigation team (JIT) consisting of investigators and judicial authorities from six different European countries, supported by Europol and Eurojust, has taken down a major cybercriminal group during a coordinated action in Ukraine.

The action resulted in the arrest of five suspects, eight house searches in four different cities, and the seizure of computer equipment and other devices for further forensic examination.

The aim of this JIT was to target high-level cybercriminals and their accomplices who are suspected of developing, exploiting and distributing Zeus and SpyEye malware, as well as channeling and cashing-out the proceeds of their crimes.

The cybercriminals used malware to attack online banking systems in Europe and beyond, adapting their sophisticated banking Trojans over time to defeat the security measures implemented by the banks. Each cybercriminal had their specialty and the group was involved in creating malware, infecting machines, harvesting bank credentials and laundering the money through so-called money mule networks.

On the digital underground forums, they actively traded stolen credentials, compromised bank account information and malware, while selling their hacking services and looking for new cooperation partners in other cybercriminal activities.

This was a very active criminal group that worked in countries across all continents, infecting tens of thousands of users computers with banking Trojans, and subsequently targeted many major banks. The damage produced by the group is estimated to be at least EUR 2 million.

“In one of the most significant operations coordinated by the agency in recent years Europol worked with an international team of investigators to bring down a very destructive cybercriminal group. With our international partners, we are committed to fighting the threats brought about by malware and other forms of cybercrime, to realise safer technology infrastructures and online financial transactions for businesses and people the world over,” said Rob Wainwright, Director of Europol.

“This case demonstrates that it is only possible to combat cybercrime in a successful and sustainable way if all actors-that means investigative judges and judicial authorities- coordinate and cooperate across the borders. Ingrid Maschl-Clausen, National Member of Austria to Eurojust, commented at a press conference in Vienna.

The recent action was part of the wider investigation that was launched in 2013 by the JIT members (Austria, Belgium, Finland, the Netherlands, Norway and the United Kingdom), and facilitated by Europol and Eurojust Last weeks results brings the total number of arrests in this operation to 60 34 who were captured as part of a money mule operation run by Dutch law enforcement authorities.

Europol has provided crucial support to the investigation since 2013 including handling and analysis of terabytes of data, and thousands of files in the Europol Malware Analysis System; handling of thousands sensitive operational messages; production of intelligence analysis reports; forensic examination of devices; organization of operational meetings and bi-monthly international conference calls.

The enormous amount of data that was collected and processed during the investigation will now be used to trace the cybercriminals still at large. Both Eurojust and Europol provided funding for the joint investigation team.

Several action days took place during the course of the long-running investigation, which resulted in significant operational successes in Belgium, Estonia, Finland, Latvia, the Netherlands and Ukraine. Such results were possible thanks to intense cooperation between the JIT and law enforcement and judicial partners in Estonia, Latvia, Germany, Moldova, Poland, Ukraine and the US.”