Russian law enforcement has not made an official announcement yet, but security firms can confirm the results

Feb 8, 2016 13:45 GMT

In November 2015, Russian authorities raided the offices of 25th Floor, a Moscow film distribution company, and soon after, activity from the Dyre banking trojan botnet almost stopped altogether, Reuters reports.

According to data provided by IBM's X-Force security team, Dyre is the world's most prevalent banking trojan, with a market share close to 25%.

The malware works by injecting content into users' browsers and by setting up a local proxy through which criminals record and steal Web and banking credentials, which they later use to commit fraudulent transactions.

Dell's SecureWorks security team estimates that Dyre can target 400 financial institutions and has stolen tens of millions of dollars since its launch.

According to a Reuters report that cites sources inside Russia's law enforcement agencies, a raid that took place on November 15 almost shut down the activity of the Dyre botnet.

No official charges have been made public so far, but authorities seem to have had help from Kaspersky, a local Russian cyber-security vendor.

First time Russia goes after a cyber-crime gang that never targeted Russian citizens

In the past, Russian authorities have only gone after cyber-criminals who have defrauded Russian citizens, and have avoided working with foreign law enforcement agencies to dismantle hacking groups suspected of operating inside Russia.

If the Reuters report is accurate, this would be the first time Russia has gone after a cyber-crime gang that has never targeted Russian banks or citizens.

In the Russian cyber-crime underground, it was an unwritten rule that cyber-crooks should never go after Russians, unless they wanted a visit from local authorities.

Reuters verified the report's accuracy with John Miller from the US-based security firm iSight Partners, who confirmed a decline in activity from the Dyre botnet without knowing of the raid and the arrests.

UPDATE: Following the Reuters story, Symantec has also reported that it has stopped seeing the same level of activity from the Dyre botnet.

Banking botnet market share, end of 2015