GozNym Cybercrime Group Charged With Trying to Steal $100 Million From 44,000 PCs
A cyber kingpin who allegedly masterminded a criminal conspiracy that broke into 44,000 computers and likely stole millions of dollars has been apprehended, the FBI and its global law enforcement partners said Thursday morning.
Alexander Konovolov and his alleged accomplice, Marat Kazandjian, are now being prosecuted in Georgia for their alleged roles in the so-called GozNym criminal network, Europol and the FBI confirmed. The U.S. also unsealed an indictment charging ten members with participating in the GozNym crew. According to the U.S., Konovolov assembled the team of cybercriminals charged, and Kazandjian handled the technical side of the operation.
The GozNym operation was simple but successful: infect Windows PCs, wait for users to enter banking passwords into their browser, and hoover the credentials up. The crew would then log into the victims’ bank accounts and attempt to shift funds to accounts they controlled. They tried to pilfer $100 million in total, but it’s unclear just how much they successfully transferred.
Limor Kessem, global executive security advisor at IBM, told Forbes that in some cases, the targeted businesses and their banks discovered the fraudulent transfers before the money was sent back to the hackers.
What’s more, the arrests won’t have any impact on the GozNym malware; whoever was running the cyberattacks stopped using the tool back in late 2016, Kessem said. “Those still on the run will probably be extra careful to stay in parts of the world where extradition laws do not apply,” she added.
Five Russians who were also named in the indictment remain on the run, Europol confirmed. They include the alleged developer of the GozNym malware, Vladimir Gorin, who not only coded it but leased it to other criminals. Another of the Russians was the alleged spammer, who sent targets phishing emails carrying attachments that contained the malware. Meanwhile, the member of the GozNym crew who encrypted the malware to evade anti-virus detection is being prosecuted in Moldova, the agency added.
Last month, Krasimir Nikolov, the only other GozNym defendant already in U.S. custody, reversed his not guilty plea, admitting to three counts of cybercriminal activity. Nikolov, a Bulgarian who used the pseudonym SalvadorDali, was arrested in 2016, extradited to the U.S. and charged with bank fraud and hacking crimes. He is now due to be sentenced in October.
A profitable cybercriminal operation?
Though it remains unclear how much the GozNym group made off with in total, Kessem and her IBM research team told Forbes in April 2016 that the hackers had stolen $4 million from more than 24 American and Canadian banks in a matter of days.
The GozNym group was the epitome of the many coordinated and sophisticated cybercrime outfits in Eastern Europe. Distributed across Ukraine, Moldova, Bulgaria, Kazakhstan and Russia, the alleged members were accused of recruiting online for specialist roles, from hackers breaking into consumer and business PCs to money launderers moving funds through their own accounts back to the operation’s masterminds.
According to the indictment, the many victims of GozNym included a Washington D.C. law firm, which lost $76,000 in a single fraud, and a Texas church. Nonprofit organizations, including one that worked with disabled children, were also hit. And a German distributor of neurosurgical and medical equipment lost nearly $100,000 as a result of an attack in March 2016.
Professor Alan Woodward, a cybersecurity expert from the U.K.-based University of Surrey, said the arrests could well make an impact, even if the GozNym crew had disbanded in 2016.
“It shows how crime as a service is enabling a lot of cyber crime,” he added. “This could put a nice dent in that.”