MADRID: Spain and Europol on Monday announced the arrest of a Ukrainian man dubbed the mastermind of a gang behind hundreds of cyberattacks that have netted around a billion euros from banks.
The man, detained in the eastern coastal city of Alicante, carried out attacks using malware such as “Carbanak” and “Cobalt,” according to Europol, which hailed cooperation with Spanish financial police as well as the FBI, Romanian, Belarusian and Taiwanese authorities and private cyber security firms.
From 2013, when it launched the Anunak malware programme, the gang attacked banks, e-payment systems and financial institutions in more than 40 countries, resulting “in cumulative losses of over EUR 1 billion for the financial industry,” Europol said.
“The Cobalt malware alone allowed criminals to steal up to EUR 10 million per heist,” the pan-European police body added.
Criminals sent phishing mails to bank employees with attachments purported to come from legitimate firms.
Once the malicious software had been downloaded it would allow the criminals to control infected computers remotely and gain access to the internal banking network as well as servers controlling ATM cashpoints from where “money mules” would collect the cash.
Some profits from the heists were laundered via cryptocurrencies, using prepaid cards linked to cryptocurrency wallets, investigators said.
The Spanish interior ministry named the suspect only as Denis K and said three accomplices “managed to gain access to practically all of Russia’s banks and make withdrawals from ATMs in Madrid for half a million euros.”
Wim Mijs, chief executive officer of the European Banking Federation, which helped with the investigation, said it “clearly goes beyond raising awareness on cybersecurity and demonstrates the value of our partnership with the cybercrime specialists at Europol.
“Public-private cooperation is essential when it comes to effectively fighting digital cross-border crimes like the one that we are seeing here with the Carbanak gang.”
Steven Wilson, head of Europol’s European Cybercrime Centre (EC3), lauded “a significant success” against a top level cybercriminal organisation in an operation which “illustrates that cybercriminals can no longer hide behind perceived international anonymity.”
Leave a Comment