Voice of America
16 May 2019, 23:35 GMT+10
WASHINGTON -- The list of victims runs the gamut. A small-town Texas church. A Washington, D.C., law firm. A nonprofit organization in Illinois that works with disabled children.
They are among the tens of thousands of businesses and other organizations in North America and Europe that were targeted by an Eastern European cybercrime syndicate in recent years.
The 11 cybercriminals behind the scheme, U.S. and European law enforcement officials announced Thursday, infected more than 41,000 computers with a malware program known as GozNym in an attempt to steal more than $100 million from the victims’ bank accounts.
Prosecutors described the network as a "highly structured" online organized crime network, with each member assigned a special role.
The cybercriminals
Alexander Konovolov oversaw the operation. The 35-year-old Georgian national assembled his team of cybercriminals through underground Russian-language criminal forums.
Russian computer programmer Vladimir Gorin was the brains behind GozNym. Four other Russians served in other roles.
A Bulgarian "casher" was tasked with using login credentials captured by GozNym to illegally transfer funds from the victims’ bank accounts into accounts controlled by the network.
And Ukrainian Gennady Kapkanov, 36, was an administrator of the Avalanche network, a platform that hosted more than 20 malware campaigns, including GozNym, before it was taken down in late 2016.
Phishing attack
To gain control of their victims’ computers, the conspirators turned to what is still the most common form of cyber intrusion: sending "phishing" emails to unsuspecting employees.
In a phishing attack, a legitimate-looking business email is sent to a company employee with instructions to open a link. Once opened, the link deploys malware such as GozNym, giving the perpetrator access to the information stored on the victim’s computer.
In many GozNym cases, the emails sent to the victims appeared to contain bills or invoices.
In the case of the Washington, D.C., law firm, on Feb. 16, 2016, the conspirators allegedly sent an email to an employee from "Quicken Billpay-center." The employee clicked on the link included in the email, allowing GozNym to be installed on the firm’s computer network.
With GozNym capturing the firm’s banking credentials, things were set in motion.
On Feb. 25, Konovolov, the Georgian ringleader, and Krasimir Nikolov, the Bulgarian "casher," exchanged details of a Massachusetts-registered bank account where they intended to transfer the stolen funds.
That same day, Nikolov, using the law firm’s stolen banking credentials, attempted to transfer $97,520 from the firm’s Bank of America account into the account the network controlled in Massachusetts. The transaction resulted in a loss of more than $76,000, prosecutors said.
Pennsylvania indictments
The 11 conspirators were named in a criminal indictment unsealed by prosecutors in the Western District of Pennsylvania, where some of the victims are located. The FBI’s Pittsburgh Field Office, which leads many of the bureau’s high-profile cybercrime investigations, began looking into GozNym two years ago.
The five Russians named in the indictment remain at large. But the six others are in custody in the U.S., Georgia, Moldova and Ukraine.
Nikolov, the Bulgarian "account takeover specialist," was arrested by Bulgarian authorities and extradited to the United States in 2016.
Five others are from Georgia, Kazakhstan, Moldova and Ukraine, countries with which the United States doesn’t have extradition treaties. To ensure they’re prosecuted in their home countries, U.S. officials said they shared evidence with prosecutors in Georgia, Ukraine and Moldova.
New era of fighting cybercrime
This was something the U.S. had never done before, said Scott W. Brady, U.S. Attorney for the Western District of Pennsylvania.
"International law enforcement has recognized that the only way to truly disrupt and defeat transnational, anonymized networks is to do so in partnership," Brady said at a press conference at The Hague. "The collaborative and simultaneous prosecution of the members of the GozNym criminal conspiracy in four countries represents a paradigm shift in how we investigate and prosecute cybercrime."
The development marks the latest takedown of an organized crime network operating on the internet.
"This takedown highlights the importance of collaborating with our international law enforcement partners against this evolution of organized cybercrime," said FBI Pittsburgh Special Agent in Charge Robert Jones.