U.S., international authorities disrupt cybercrime organization responsible for $100M in damages

A transnational criminal organization that used malware to steal more than $100 million from more than 41,000 victims has been dismantled, U.S. and international law enforcement officials said Thursday.

Police in the United States, Bulgaria, Georgia, Moldova and Ukraine took down the GozNym malware criminal network, Scott Brady, U.S. attorney in Pittsburgh said at a press conference in The Hague, Netherlands.

“It was truly the scope of this organization that made this campaign so dangerous,” Mr. Brady said.

The GozNym gang’s alleged victims included mom-and-pop businesses, law firms, international corporations and nonprofit organizations that benefited children with disabilities. Victims were both in the United States and Europe.

Mr. Brady said 10 defendants were named in a grand jury indictment handed down in Pittsburgh. They will be prosecuted in their own countries with the exception of five Russians who remain fugitives.

The leader of the network, along with his technical assistant faces charges in the country of Georgia. Another member will be prosecuted in Moldova.

Five Russians remain on the run from authorities.

Mr. Brady described the operation as “unprecedented” with U.S. Bulgaria, Georgia, Moldova and Ukraine authorities cooperating to bring down the network.

“The only way to truly dismantle and disrupt these transnational networks is to do so in partnership,” he said. “In this case, simultaneous prosecution in four partner nations represents a paradigm change in how we prosecute cybercrime.”

The gang infected computers with malware through spearfishing attacks that captured online banking information, including account numbers. GozNym members would then use the account information to siphon money.

“It was truly a crime without borders,” Mr. Brady said.

Federal authorities’ GozNym probe stemmed from a 2016 investigation into an illegal international server known as Avalanche. That case resulted in the prosecution of a Bulgarian hacker, who pleaded guilty in a Pittsburgh courtroom in April.

The hacker, Kasimir Nikolov used the malware to stealing banking information from two Pittsburgh-area businesses, according to his plea agreement.