International Cybercrime Network Taken Down, Key Players Indicted In Pittsburgh

May 16, 2019

International law enforcement partners announced Thursday that a large malware conspiracy network has been taken down. According to the U.S. Department of Justice, those behind the GozNym malware attacks attempted to steal an estimated $100 million from victims.

An indictment against 10 key players came out of a federal grand jury in Pittsburgh. Those charged are from five eastern European countries, and five Russian nationals are still at large.

U.S. Attorney for the Western District of Pennsylvania Scott Brady said the scope of the organization made it important to take down.

"We identified over 41,000 victims, unsuspecting citizens, of European and North American countries," Brady said. "[They] thought they were clicking on a simple invoice or a notification as part of their business."

Instead, they downloaded a file that gave hackers access to their computers. From there, the hackers could record keystrokes from the victims' computers, steal banking log-in credentials and then launder the stolen money into foreign bank accounts they controlled.

Several defendants are awaiting prosecution in Europe. An 11th participant in the conspiracy was extradited to the United States from Bulgaria in 2016 and pleaded guilty last month in a related case in federal court in Pittsburgh.

The investigation was an outgrowth of the Justice Department's dismantling in 2016 of a network of computer servers, known as Avalanche, which hosted more than 20 different types of malware.

GozNym, the malware cited in Thursday's case, was among the ones hosted on the network and was designed to automate the theft of sensitive personal and financial information. Law enforcement officials say it was formed by the defendants as they advertised their technical skills in underground, Russian-language online criminal forums.

The Associated Press contributed to this report.