The European Union Agency for Law Enforcement Cooperation (Europol) has dismantled a complex, malware-driven, global cybercrime operation. In the process, 10 individuals have been charged and more are facing prosecution.
Law enforcement cooperation between Bulgaria, Georgia, Germany, Moldova, Ukraine, and the United States, with the support of Europol and Eurojust, identified and dismantled a cybercriminal network that relied on the GozNym malware to steal millions of dollars from unwitting victims. The scammers had planned to steal an estimated $100 million from over 41,000 businesses and financial institutions.
The criminal operation was a complex and organized setup. The leader of the network is from Georgia and leased access to the GozNym malware from a developer in Russia. The leader then enlisted other cybercriminals, recruited via Russian-speaking criminal forums, to "crypt" the malware: repackaging and obfuscating the executable so that it no longer matched the signatures that antivirus and other security software use to detect it.
A number of email spammers were then recruited to distribute phishing emails to potential victims in an attempt to place the GozNym malware on their computers. The emails took the form of legitimate-looking business emails that the targeted institutions would regularly expect to receive. Clicking a link in these emails redirected the victim's computer to a site where the malware was downloaded and subsequently installed.
The infection campaign was effective: it compromised over 41,000 computer systems. Once a machine was infected, the goal was to harvest its online banking login credentials, use them to access the victim's accounts, and siphon out the money those accounts contained. The stolen funds were then laundered through both US and foreign bank accounts controlled by the network's members.
Through this cooperation, and multiple searches carried out across Bulgaria, Georgia, Moldova, and Ukraine, law enforcement officials arrested 10 members of the network. All 10 have been charged by a federal grand jury in Pittsburgh with conspiracy, specifically conspiring to infect victims' computers with malware in order to steal banking credentials, to use those credentials to steal money from the victims' accounts, and to launder the proceeds.