Police in six countries have dismantled a complex cybercrime network that operated from Eastern Europe and fleeced victims, including small businesses and charities, of some $100 million, Europe’s police agency said on Thursday.
The GozNym network, led by a man from Tbilisi, Georgia, used phishing emails to infect the computers of more than 41,000 victims with malware. Specialized members of the group in Bulgaria and Ukraine then seized control of victims’ online bank accounts and transferred their funds to laundering accounts.
Ten of the network’s members have been charged with conspiracy to steal online banking credentials and deposits under a U.S. grand jury indictment.
“The victims included mom-and-pop businesses…, law firms, international corporations, …non-profit organizations that worked with disabled children,” U.S. Attorney Scott Brady told a news conference in The Hague.
Brady said the collaboration between American, Georgian, Ukrainian, German, Bulgarian and Moldovan law enforcement that was required to dismantle the crime group would prove a “blueprint” for future operations.
GozNym featured the Georgian ringleader, a Russian software developer, encryption experts in Moldova and Kazakhstan, “account takeover specialists” in Bulgaria and Ukraine, as well as assorted spammers, money launderers and “mules” (money carriers).
The defendants allegedly advertised their specialized technical skills and services on underground, Russian-speaking online forums.
The operation against the group began in 2016 with a German-led action in Ukraine that shut down the network’s servers.
Its alleged leader is being prosecuted in Georgia. Other prosecutions are underway in Moldova, Ukraine and the United States.
Five Russians charged in the U.S. indictment, including the man accused of having developed the malware, remain at large, according to Europol.