Foreign hackers are suspected of breaching several organizations, including defense contractors, and accessing sensitive information, according to a report by cybersecurity researchers.

The Arrest Of A Global Malware Crew Reveals Cybercrime Anatomy

Foreign hackers are suspected of breaching several organizations, including defense contractors, and accessing sensitive information, according to a report by cybersecurity researchers.

The world is well aware of the threats posed to businesses and individuals from cybercrime – we only have to point to the Colonial Pipeline Ransomware attack or 2021 that impacted fuel supplies, or the Kaseya Ransomware heist operated by the REvil crew inflicting losses of $70m.

Despite these high-profile events, the workings of cybercrime have remained something of a mystery – until now. Ever since the arrest of a global malware crew in Eastern Europe – called the Goznym crew – the extent of the operations has been revealed – they are highly organized. 

The Goznym Crew

The Goznym crew was taken down by a global operation that involved police authorities in six countries, including the US Justice Department and Europol. The operation was successful and led to the arrest of ten crew members responsible for infecting 41,000 computers with malware.

The aim of the gang was to use malware to steal $100 million dollars from US citizens – it is unclear how successful they were before they were rumbled. The assets show how organized cybercrime has become amongst a loose association of freelancers operating internationally.

Malware Developers

Cybercriminals intending to con US citizens of millions of dollars employed sophisticated malware, a software designed by a Russian man named Vladimir Gorin. Vladimir Gorin was the programming expert that created, developed, and managed the Goznym banking malware that was used in the attacks. He was one of the key crew members.

The malware he developed was keylogger software that hijacked a user’s browser. Once clicked, the software installed phishing fields on banking websites. When the user logged in with their account details, they were stolen by the gang and used to access bank accounts stealing millions of dollars from victims – even hacking two-factor authentication.    

Operational Managers

The Goznym crew might have been a loose association of freelancers, but they were highly organized. They recognized a man named Alexander Konovolov, from Georgia, as their operational leader. Konovolov was responsible for overseeing the operation to infect computers with the Goznym malware. He worked with others in online chats.

However, Konovolov did not operate on his own; he was assisted by a technical director called Marat Kazandijian. Kazandijian helped to control the tens of thousands of computers infected in the operation, channeling funds and protecting them from being detected by law enforcement. 

Hosting Platforms

In order for a larger-scale cybercrime operation to be successful, a covert hosting platform was needed that prevented the gage from being detected. Organizing this was the task of Ukrainian tech-wizard Gennady Kapkanov, who built and managed the gang’s hosting infrastructure. 

Kapkanov was responsible for creating a hosting platform called Avalanche that hosted 20 different malware operations. Although he was a key member of the Goznym crew, he managed to evade prosecution due to some anomalies in his charging documents forcing his release. 

Malware Coders

Online articles and news stories are full of statements about the nature of cybercrime, stating that cybercriminals always attempt to stay one step ahead of cybersecurity technology. Following the arrest of the Goznym crew coder – Eduard Malanici – it’s clear this is the case.

Eduard Malanici was responsible for encrypting the malware used by the Gozmyn crew so that it could not be detected by antivirus software. In this respect, the gang was successful since they managed to evade capture through this channel. One reason for cyber security courses.  

Malware Operators   

As if a team of tech specialists, managers, and hosting providers wasn’t enough, the Goznym gang also had malware operators responsible for sending the program out to thousands of computers and potential victims. It was a scattergun approach in the hope of landing clicks. 

One of the gang’s key operators was a Russian man called Konstantin Volchov, who headed the spamming operations. It was his team’s job to reach as many targets as possible with links and phishing emails to install Goznym software on computers and start gathering account details.  

Account Managers  

After the software had been installed and the victim had clicked the link or opened the email, the job was sent to a team of account experts responsible for taking over the bank account and withdrawing funds electronically. These men were Ruslan Katirkin and Krasimir Nikolov. 

Following the account takeover, the cash had to be withdrawn and then laundered; this part of the process fell to other members of the gang with these specialist skills. All in all, there were six different departments that operated internationally to successfully cipher millions of dollars.   

In the courts, the gang was often referred to as the Goznym crew in reference to the name of the malware they invented and used. This made them appear like a coherent group of organized criminals. There were indeed organized, but each of them operated on its own.

According to law enforcement officials, most of the organizing for the fraud was conducted over chat and online forums. In fact, online forums were where the gang initially met and came together. This indicates that cybercrime can be highly coordinated and difficult to track.   

International Efforts

It’s clear that the Goznym crew operated internationally even though their primary targets were American citizens. They are not the only criminal organization operating in this way. Other cybercrime gang has been found to follow this pattern as well, suggesting an operational trend.  

An international criminal enterprise such as this required an equally innovative approach from law enforcement. International authorities synchronized their efforts in an attempt to narrow the parameters of operation for the Goznym gang. The efforts paid off, and the gang faced justice. 

Although the law enforcement was successful in this case and the international coordination efforts must be applauded, there’s no escaping the fact that despite facing justice, most of the defendants walked free. This is another challenge of working between borders and authorities. 

Russia did not cooperate in the investigation despite many of the gang’s leaders possessing Russian passports. Unfortunately, Russia is not the only country unwilling to take serious action against cybercriminals, meaning that gangs like the Goznym crew can find places to hide.  

Visit Tampafp.com for PoliticsTampa Area Local NewsSports, and National Headlines. Support journalism by clicking here to our GiveSendGo or sign up for our free newsletter by clicking here

Android Users, Click Here To Download The Free Press App And Never Miss A Story. Follow Us On Facebook Here Or Twitter Here.

Advertisement

Login To Facebook From Your Browser To Leave A Comment

Leave a Reply

Your email address will not be published.