Cyber crime gang broken up in Spain after five-year malware spree
The gang are alleged to have used phishing emails to take control of bank computers and infect ATM servers.
Spanish police have captured a cyber crime gang made up of Ukrainians and Russians which allegedly stole more than one billion euro (£870 million) from financial institutions worldwide in a five-year spree.
The gang’s alleged mastermind, identified as a Ukrainian and named only as Denis K, was arrested in the coastal city of Alicante, 220 miles south-east of Madrid, according to Spanish police and Europol.
Three suspected accomplices, said to be Russian and Ukrainian, were also arrested.
The gang used malware to target more than 100 financial institutions worldwide, sometimes stealing up to 10 million euro (£8.7 million) in each heist. Almost all of Russia’s banks were targeted, and about 50 of them lost money in the attacks, authorities said.
The gang sent phishing emails with a malicious attachment to bank workers, Europol said. The software gave the gang remote control of infected machines, which gave them access to the internal banking network and let them infect the servers controlling ATMs.
ATMs were instructed to dispense cash at a pre-determined time, and the money was collected by organised crime groups supporting the main gang.
The gang converted its illicit gains into bitcoins and used the cryptocurrency to purchase assets in Spain, including houses and vehicles.
In Ukraine, police said an unidentified 30-year-old man linked to the gang was co-operating with authorities.
Ross Rustici, a senior director at Boston-based digital security firm Cybereason, said the gang stood out from others because of the amount of care and planning it put into operations.
“They’re unusual in how slow and methodical they are and how organised they are,” he said.
Other groups use similar techniques in isolation, “but nobody before them had strung all those things together on such a scale”.
Mr Rustici said it seemed likely the gang members botched their effort to launder their ill-gotten gains.
“That’s usually what happens with these who are very good on the network side, they make mistakes on the money side,” he said.
“You can’t buy a nice villa on the Mediterranean with cryptocurrency. Or at least not yet.”