The person suspected of being behind malware attacks known as “Carbanak” and “Cobalt” was arrested in Alicante, a port city on the southeast coast of Spain, after cooperation between police forces in the United States, Asia and Europe, Europol said.
The Interior Ministry said “Denis K“, who had directed the criminal organisation from Spain since 2013, was arrested with three members of his organisation, who originally came from Russia and Ukraine, it said. The Ukrainian police did not provide further details.
“Denis K” used financial platforms in Gibraltar and the United Kingdom to load prepaid cards with bitcoin and spend them in Spain on cars, homes, and other goods.
He also set up an “enormous network” to mine bitcoin which he used as a means of laundering money.
More below the fold …
Kaspersky Lab, INTERPOL, Europol and authorities from different countries have combined efforts to uncover the criminal plot behind an unprecedented cyberrobbery. Up to one billion American dollars was stolen in about two years from financial institutions worldwide. The experts report that responsibility for the robbery rests with a multinational gang of cybercriminals from Russia, Ukraine and other parts of Europe, as well as from China. The Carbanak criminal gang responsible for the cyberrobbery used techniques drawn from the arsenal of targeted attacks. The plot marks the beginning of a new stage in the evolution of cybercriminal activity, where malicious users steal money directly from banks, and avoid targeting end users.
Since 2013, the criminals have attempted to attack up to 100 banks, e-payment systems and other financial institutions in around 30 countries. The attacks remain active. According to Kaspersky Lab data, the Carbanak targets included financial organizations in Russia, USA, Germany, China, Ukraine, Canada, Hong Kong, Taiwan, Romania, France, Spain, Norway, India, the UK, Poland, Pakistan, Nepal, Morocco, Iceland, Ireland, Czech Republic, Switzerland, Brazil, Bulgaria, and Australia.
It is estimated that the largest sums were grabbed by hacking into banks and stealing up to ten million dollars in each raid. On average, each bank robbery took between two and four months, from infecting the first computer at the bank’s corporate network to making off with the stolen money.
Police have arrested the alleged mastermind behind the Carbanak gang: a group of cybercrooks that’s targeted banks since late 2013, phishing their way into networks, infecting servers and gaining control of automated teller machines (ATMs) that they’ve caused to spew cash to waiting money mules.
According to Europol, the alleged crime boss, whom it didn’t name, was arrested in Alicante, Spain, following a joint investigation by the Spanish National Police, with the support of Europol, the US FBI, the Romanian, Belarussian and Taiwanese authorities and private cybersecurity companies.
Since 2013, the gang has gone after banks, e-payment systems and financial institutions using their malware, which is known as Carbanak and Cobalt. They’ve hit banks in more than 40 countries: attacks that have resulted in cumulative losses of over €1 billion (USD $1.24 billion).
Europol said in an announcement on Monday that just the Cobalt malware alone allowed the crooks to steal up to €10 million per heist.
A spokesman for the European Banking Federation (EBF) noted in a conversation with Fortune that the gang’s sophisticated Cobalt malware campaign only began in 2016, making it “fair to say” that the total amount stolen must be significantly above €1 billion at this point.
The gang’s malware evolution started with the launch of the Anunak malware campaign.
Europol provided this infographic that shows how the criminal network, and their malware, work.