Law enforcement officials from the U.S. and some European allies say they have broken up a criminal network that used banking malware to try to steal an estimated $100 million from over 41,000 victims in multiple countries.
An indictment made public Thursday alleges that 10 members of a criminal organization used the GozNym malware, a banking trojan that infects internet browsers and was compiled from two other known pieces of malware, to steal victims’ login credentials, steal their money and then launder those funds through U.S. and foreign bank accounts.
The primary victims were U.S. businesses and their supporting financial institutions, including several victims in the Western District of Pennsylvania, U.S. officials said. Other organizations hit were a Pennsylvania asphalt and paving business, a Washington law firm, a casino in Gulport, Mississippi, and a California furniture business, according to the indictment. Cybersecurity researchers tracking GozNym in recent years have reported its targeting of credit unions, e-commerce, and other finance subsectors.
The ringleader, according to the indictment, was Alexander Konovolov, a 35-year-old Georgian who allegedly controlled the roughly 41,000 victim computers. Konovolov and his accomplice are being prosecuted in Georgia, law enforcement officials said.
How much money the gang successfully stole was not immediately clear.
The crackdown saw the U.S. partner with Bulgaria, Georgia, Germany, Moldova, and Ukraine, resulting in an indictment being returned by a federal grand jury in Pittsburgh, and prosecution of defendants in Georgia, Moldova, and Ukraine. Five of the accused live in Russia, which does not have an extradition agreement with the U.S.
“We found that GozNym was a highly structured, specialized organized crime network, and each defendant represented in the indictment had a specialized role to play and brought a unique skillset to the conspiracy,” Scott Brady, the U.S. attorney for the Western District of Pennsylvania, said at a press conference Thursday.
Thursday’s announcement comes after the 2016 indictment of another alleged member of the crime ring, a Bulgarian named Krasimir Nikolov. In the years since, law enforcement officials on both sides of the Atlantic say they have been building a cases against Nikolov’s former colleagues.