Content, Breach

Digital Cops Bust Hackers Armed With GozNym Malware

Credit: Pixabay

An international cyber crime crew that allegedly attempted to steal more than $100 million from dozens of victims has been dismantled by law enforcement authorities in the U.S. and five other countries following a two-year long investigation.

The eponymous gang is said to have infected computers with the GozNym malware enabling the cyber wise guys to steal online banking information to break into victims’ bank accounts. Criminals joined the decentralized gang by advertising their bona fides in Russian language online underground forums to get their hands on the malware, in what has been described as a prime example of cyber crime as-a-service, the indictment said, according to a KrebsonSecurity report.

Coordinated, cross-border law enforcement actions in Bulgaria, Georgia, Germany, Moldova and Ukraine in addition to the U.S. took down the thieves. Details of the operation were revealed at Europol’s headquarters in The Hague.

Small businesses, which cyber bandits often see as low-hanging fruit not equipped with the necessary resources to set up strong network bulwarks, were reportedly the main targets of the GozNym guys. Indictments against 10 members of the syndicate tied to a string of cyber hold ups that occurred over a 15-month period from October 2015 through December 2016 were unsealed in a Pittsburgh, Pennsylvania court last week.

Last month, Krasimir Nikolov, a Bulgarian extradited to the U.S. for his involvement in stealing from bank accounts infected with the GozNym code, pleaded guilty in federal court in Pittsburgh on charges relating to his participation in the GozNym conspiracy. He is scheduled for sentencing in August. (via KrebsonSecurity). While the feds fingered Nikolov as a key associate, he apparently wasn’t the gang's top dog. That honor reportedly belonged to Alexander Konovolov, a Georgian said to have control over more than 40,000 computers infected with the GozNym malware.

Of the 10 hoods the feds pinched on charges ranging from robbery to money laundering, five Russian nationals, including Vladimir Gorin, GozNym's developer who is believed to have overseen leasing the malicious code to other cyber outlaws, remain on the lam. Others named in the indictment include Eduard Malancini, who specialized in obfuscating the GozNym malware to evade detection by antivirus software,  mule manager Farkhad Rauf Ogly Manokhim and Konstantin Volchkov, who ran the spamming service that sprung GozNym on unsuspecting email recipients.

D. Howard Kass

D. Howard Kass is a contributing editor to MSSP Alert. He brings a career in journalism and market research to the role. He has served as CRN News Editor, Dataquest Channel Analyst, and West Coast Senior Contributing Editor at Channelnomics. As the CEO of The Viewpoint Group, he led groundbreaking market research.