The leader of Russian-Ukrainian cybercrime gang Carbanak, allegedly responsible for stealing billions of euros from hundreds of banks, has been arrested in Spain.
Over the last five years, the “Carbanak” group has stolen roughly 1.2 billion euros from more than 100 financial institutions, according to a dual announcement Monday by Europol and police in Spain. Carbanak is the name for the cybercrime group as well as its characteristic hacking tool: a malware framework designed to allow the attacker to covertly move money around between different bank accounts.
An individual leading the criminal entity was recently arrested, but police have yet to release their name. At least two other members of Carbanak were also reportedly arrested in a related investigation.
In various cases, Carbanak was able to successfully spearphish banking employees. These breaches saw complex malware spread inside the companies, redirecting funds from legitimate accounts to ATMs in Eastern Europe, which would then dispense cash to “money mules” waiting on the ground.
When Carbanak infects a system, it allows for complete remote access, including the ability to record keystrokes and gain access to the computer’s video camera, according to prior research by cybersecurity companies Kaspersky Lab, IB Group and FireEye. There have been multiple iterations of the Carbanak malware, meaning that the group was likely continuously developing and upgrading its toolset.
The arrest marks yet another high-profile win for Europol after the law enforcement organization also arrested Russian hacker Peter Levashov, who ran the notorious Kelihos botnet, in Spain earlier this year.
Security researchers have been tracking Carbanak for years, attributing multiple breaches to their criminal activities. But until today, little was known publicly about who exactly was behind Carbanak. Often the group would convert their illicit gains into Bitcoin before purchasing assets, making them difficult to track.