In a statement, Europol officials say they coordinated with law enforcement agencies across the globe, including the Federal Bureau of Investigation, the European Banking Federation, as well as police in Spain, Romania, Belarus and Taiwan. By the following year, the same coders improved the Anunak malware into a more sophisticated version, known as Carbanak, which was used in until 2016.
Anunak malware first appeared in 2013, and later developed into a more sophisticated strain called Carbanak, which remained in use through at least 2016 (see Sophisticated Carbanak Banking Malware Returns, With Upgrades).
This gang has been operating since 2013, and they have attacked banks, e-payment systems and financial institutions using pieces of malware they designed (Carbanak and Cobalt).
Steven Wilson, head of Europol's European Cyber Crime Centre, said: "This global operation is a significant success for worldwide police cooperation against a top level cyber criminal organisation".
In all these attacks, a similar modus operandi was used. Using company emails as their vector of attack, the team would send out seemingly legitimate emails to bank employees that contained phishing malware. As with Carbanak, Cobalt allowed the criminals to breach into a bank's central server or network through phishing attacks, giving them complete control and access over a variety of functions.
Moreover, the release indicates that Europol and other investigation agencies couldn't have succeeded had it not been for its cooperation with private sector entities, namely the European Banking Federation (EBF).
Europol says this investigation was one tangled bowl of spaghetti: with the mastermind, coders, mule networks, money launderers and victims all located in different locations around the world, it involved worldwide police cooperation, coordinated by Europol and the Joint Cybercrime Action Taskforce.
"It clearly goes beyond raising awareness on cyber security and demonstrates the value of our partnership with the cyber crime specialists at Europol". It instructed ATMs to spew out money at pre-determined times, prompted the transfer of money into the gang's accounts, and modified bank databases to inflate the balances of certain accounts.
Once the hackers gained access, they would begin to spread malware throughout the bank's internal network.
The group also inflated money mules' bank account balances and used them to collect the money. "The arrest of the key figure in this crime group illustrates that cyber criminals can no longer hide behind perceived global anonymity", he said.
EBF chief executive Wim Mijs said: "This is the first time that the EBF has actively co-operated with Europol on a specific investigation".
"The detainee used financial platforms in Gibraltar and the United Kingdom to load prepaid cards with this cryptocurrency that he could use in Spain for the purchase of all types of goods and services - including vehicles and homes", Spanish National Police say.
- NASA announces more delays for giant space telescope
- Positive vibes from fans would give England a boost: Sterling
- Former radio jockey hacked to death at his studio in Kerala
- National Football League owners unanimously approve new (improved?) catch rule
- Meet Marvia Malik, Pakistan's first transgender news anchor
- Nvidia Halts Self Driving Car Tests After Uber Mishap
- Shloka Mehta, Mukesh Ambani others at event; Watch video
- Johnny Manziel keeping door to CFL, Ticats wide open
- Countries sponsoring terrorism pay U.S. for support: Iran diplomat
- Reality star Abby Lee Miller transferred to halfway house