Spain Breaks Up Ukrainian-Russian Cybercrime Gang
Spanish authorities have broken up a cybercrime syndicate of Ukrainian and Russian nationals that allegedly stole more than 1 billion euros ($1.24 billion) from bank accounts over more than four years.
The Interior Ministry on March 26 said the gang’s alleged mastermind, identified as a Ukrainian and named only as “Denis K.,” was arrested in the coastal city of Alicante, along with three accomplices who it said were Russian and Ukrainian citizens.
In a statement, the ministry said the group “infected with malicious software the computer systems of banks, mainly in Russia, but also in Belarus, Azerbaijan, Kazakhstan, Ukraine, and Taiwan, taking control of critical systems that allowed them to empty ATMs remotely, alter balances, or modify accounts.”
Since it began operating in 2013, the group “managed to gain access to practically all of Russia’s banks and make withdrawals from ATMs in Madrid for half a million euros,” the statement also said.
Earlier on March 26, Europe’s law enforcement agency announced that the cybercrime group’s suspected mastermind was arrested in Alicante following an investigation conducted by the Spanish National Police with the support of Europol, the U.S. FBI, Romanian, Belarusian, and Taiwanese authorities, as well as private cybersecurity companies. Europol did not disclose the person’s name or nationality.
It said in a statement that the gang used malware known as Carbanak and Cobalt to target more than 100 banks in more than 40 countries since late 2013.
Europol said the group distributed the malware as e-mail attachments sent out to bank workers. The software gave the cybercriminals remote control of infected machines, providing them with access to the internal banking network and infecting servers controlling ATMs.
According to the Spanish Interior Ministry, the criminals relied first on individuals linked first with Russian and then later with Moldovan organized crime to extract money from cash machines that had been targeted with the malware.
The earnings were converted into Bitcoin at exchange houses in Russia and Ukraine, the ministry said. Financial platforms in Gibraltar and Britain were then used to “load prepaid cards with this cryptocurrency and spend them in Spain on all kinds of goods and services,” including cars and homes.
The Interior Ministry said that police seized jewels worth 500,000 euros and two luxury cars during the raid in Alicante. Bank accounts and two homes valued at about 1 million euros were also blocked.
Copyright (c) 2015. RFE/RL, Inc. Reprinted with the permission of Radio Free Europe/Radio Liberty, 1201 Connecticut Ave NW, Ste 400, Washington DC 20036.