EU and US Bust GozNym Group: Five Caught, Five on the Run

"Unprecedented, international law enforcement operation"

By CBR Staff Writer

Europol has helped coordinate an international law enforcement take-down of a cybercriminal network that targeted financial institutions and businesses, infecting some 41,000 victim computers with its GozNym malware.

Law enforcement agencies in Bulgaria, Georgia, Germany, Moldova, Ukraine and the United States took part in the operation. Five suspects were arrested in Bulgaria, Georgia, Moldova and Ukraine. The remaining five defendants are all Russian nationals and remain wanted by the FBI, prosecutors said.

The group targeted predominantly financial institutions and business organisations, attempting to steal an estimated $100 million. A criminal indictment returned by a federal grand jury in Pittsburgh, USA, charged ten members of the GozNym network with conspiracy to commit a range of crimes, including money laundering.

(GozNym was a hybrid of two earlier malware families. Nymaim was a dropper that infected systems through exploit kits reached via malicious links or email attachments. Gozi contributed a web-injection module that alters the online-banking pages rendered in the victim's browser so that login credentials and other account details can be harvested.)
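To make the web-injection mechanism concrete, the following added example is an illustration written for this page, not GozNym or Gozi source code. It assumes an ISFB-style rule shape (a target URL pattern plus before/after markers and the markup to splice in) and uses a constructed login page standing in for a bank's real template; it also shows the defender-side check a bank's page-integrity script can make, comparing the form fields actually rendered against those the server sent.

```javascript
'use strict';

// Minimal man-in-the-browser web-inject engine. The rule fields mirror the
// general shape of publicly documented ISFB-style inject configs (assumed, not
// copied from any sample): when the page URL matches `target`, the text between
// `dataBefore` and `dataAfter` is replaced by `dataInject`, so extra fields
// appear inside the genuine, TLS-protected banking page.
const INJECT_RULES = [
  {
    target: /^https:\/\/bank\.example\/login/, // constructed target URL
    dataBefore: 'name="password">',
    dataAfter: '<button',
    dataInject:
      '<label>Card PIN</label><input type="text" name="pin">' +
      '<label>Mother\'s maiden name</label><input type="text" name="mmn">',
  },
];

// Apply every matching rule to the HTML the browser is about to render.
// Returns the rewritten page and the list of rules that fired.
function applyInjects(url, html, rules = INJECT_RULES) {
  const applied = [];
  let out = html;
  for (const rule of rules) {
    if (!rule.target.test(url)) continue;
    const start = out.indexOf(rule.dataBefore);
    if (start === -1) continue;
    const insertAt = start + rule.dataBefore.length;
    const end = out.indexOf(rule.dataAfter, insertAt);
    if (end === -1) continue;
    out = out.slice(0, insertAt) + rule.dataInject + out.slice(end);
    applied.push(rule.target.source);
  }
  return { html: out, applied };
}

// Defender side: collect the name attribute of every <input> in a page.
function inputNames(html) {
  const names = [];
  const re = /<input\b[^>]*\bname="([^"]+)"/g;
  let m;
  while ((m = re.exec(html)) !== null) names.push(m[1]);
  return names;
}

// Page-integrity check: fields present in the rendered form but absent from
// the server's template are evidence of a client-side inject. Illustrative of
// the class of control, not a reconstruction of any bank's product.
function unexpectedFields(templateHtml, renderedHtml) {
  const expected = new Set(inputNames(templateHtml));
  return inputNames(renderedHtml).filter((n) => !expected.has(n));
}

// Constructed sample login form standing in for a bank's real template.
const TEMPLATE_HTML = [
  '<form method="post" action="/login">',
  '<input type="text" name="username">',
  '<input type="password" name="password">',
  '<button type="submit">Log in</button>',
  '</form>',
].join('\n');

// Run the inject against a matching and a non-matching URL and report what
// the integrity check would flag.
function demo() {
  const victim = applyInjects('https://bank.example/login', TEMPLATE_HTML);
  const other = applyInjects('https://news.example/', TEMPLATE_HTML);
  return {
    victimApplied: victim.applied.length,
    otherApplied: other.applied.length,
    stolen: unexpectedFields(TEMPLATE_HTML, victim.html),
  };
}

console.log(JSON.stringify(demo(), null, 2));
```

The point the example makes is that the inject never touches the network path: the page is fetched over HTTPS from the real bank, and only the copy sitting in the compromised browser is altered, which is why certificate checks and URL inspection do not catch it while a server-versus-rendered field comparison does.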

An IBM X-Force security report notes: “On the attack landscape, GozNym was highly active from the get-go, and by summer of 2016, a mere four months after its launch, it was a rising threat in the cybercrime arena. The actors operating GozNym targeted banks in Europe and North America, focusing on businesses and robbing millions in fraudulent wires. They were aggressive and fast to spread the malware to different countries.”

Members of the GozNym group were known on online criminal forums, where they offered their specialised technical skills and services to the highest bidder. The network is now effectively dismantled: five of its members have been arrested and face charges not only in the US but in several European jurisdictions as well.

The other five defendants remain at large and are wanted by the FBI.


Europol states: “The GozNym network was formed when these individuals were recruited from the online forums by the GozNym leader who controlled more than 41,000 victim computers infected with GozNym malware.”

“The leader of the GozNym criminal network, along with his technical assistant, are being prosecuted in Georgia by the Prosecutor’s Office of Georgia and the Ministry of Internal Affairs of Georgia.”

GozNym Brought Down by the Fall of the Avalanche

The fall of the Avalanche network in 2016 was crucial in the lead-up to the arrests announced this week. Avalanche was a hosting service used by more than 200 cybercriminals, with records showing that it hosted at least 20 different malware campaigns.

That network was busted when its administrator was arrested in Ukraine following a Germany-led operation tasked with dismantling the criminal network’s servers and infrastructure.

IBM X-Force notes that: “Avalanche just happened to also serve GozNym attacks, and the law enforcement operation designed to dismantle it was not only about domain takedown, it was also about taking down Avalanche’s criminal customers.”

Europol played a critical part in supporting what it called an “unprecedented, international law enforcement operation” that saw police forces and prosecution offices from the US and across Europe come together to shut down the cybercriminal network.

On the US side, the operation was conducted by the United States Attorney’s Office for the Western District of Pennsylvania and the FBI’s Pittsburgh Field Office. In Europe, the agencies involved in the investigation included the Public Prosecutor’s Office Verden (Germany), the Prosecutor’s Office of Georgia, the Prosecutor General’s Office of Ukraine and the Office of the General Prosecutor of Bulgaria.
