Spanish Police Arrest Leader Of Hacking Gang Behind Cobalt, Carbanak Attacks

The leader of a cybercriminal gang responsible for the Carbanak and Cobalt malware attacks was arrested by Spanish police.

Citing Europol, Reuters reported that Spanish police arrested an individual who they believe is the leader of the group that was able to steal $1.2 billion from banks by changing account balances and having ATMs dispense cash. Identified as “Denis K,” the person was arrested in the port city of Alicante in Spain after cooperation between law enforcement in the U.S., Asia and Europe. The suspect was arrested along with three other members, who were originally from Russia and Ukraine, the Interior Ministry said.

Europol contends the group has been operating since 2013 and has members in 40 countries around the globe. The attackers targeted around 100 financial institutions. They sent malware-infected emails to bank employees to gain access to the banks’ networks and servers and carry out the fraud.

“With that level of access, the nefarious individuals authorize fraudulent bank transfers, raise the balances of mule accounts or command affected ATMs to spit out the money for them,” Europol said. During the police raid, the Interior Ministry seized jewels worth €500,000 and two luxury vehicles. Europol also blocked bank accounts and two houses that have a market value of €1 million. The law enforcement agency said the group used so-called mules that would take money from ATMs as they were attacked. Until 2015, the Russian mafia was tapped for that; in 2016, the gang turned to the Moldovan mafia.

Some of the hackers involved are Russian or have ties to Russia, but Russian banks weren’t necessarily immune to the group’s attacks. In February, Reuters reported Russian banks had a rough 2017 in terms of cybersecurity incidents. Russian bank officials revealed that hackers lifted over 1 billion roubles ($17 million) from Russian banks last year using the Cobalt Strike security-testing tool.

Russian institutions have been under scrutiny for various cybercrimes over the last 18 months, as reports have emerged that Moscow-backed hacking units have been instrumental in cyberattacks on the U.S. and across Europe. However, authorities in Russia seem to suggest that Russians are just as likely to be victims of a cyberattack as anyone else — and that they’re working hard to lock out hackers.