Operation took place in Ukraine last week

Jun 25, 2015 12:19 GMT

Individuals in Ukraine were arrested by European law enforcement last week in a joint operation that targeted members of a group suspected of developing, distributing and using Zeus and SpyEye banking malware.

Authorities apprehended five people considered to be high-level cybercriminals, raided eight houses in four cities, and seized computer equipment and electronic devices for forensic analysis.

Some group members are still at large

The action, which took place on June 18 and 19, is part of an investigation started in 2013 that collected an impressive amount of threat information and data from forensic examinations and intelligence analysis reports.

Europol says that the effort required analyzing terabytes of data, with its malware analysis system going through thousands of files and turning fragments of detail into actionable intelligence for tracing cybercriminals who continue to evade law enforcement.

The high-level cybercriminals and their accomplices are accused of using the malware to steal money from online banking accounts in Europe and beyond, and of laundering it through money-mule networks.

“On the digital underground forums, they actively traded stolen credentials, compromised bank account information and malware, while selling their hacking ‘services’ and looking for new cooperation partners in other cybercriminal activities,” Europol said in a statement on Thursday.

Total arrest count reaches 60 people

The group had victims on all continents and infected tens of thousands of machines with banking Trojans. Despite the scale of the operation, though, Europol says that the financial damage is estimated to start at €2 / $2.2 million.

Since the investigation began, a total of 60 individuals have been arrested, 34 of them captured in a “money mule” operation by Dutch law enforcement.

Europol’s involvement consisted of hosting coordination meetings between participating members of the joint investigation team (JIT), while Eurojust offered legal advice for the JIT agreement and provided contacts at the judicial level in non-EU Member States, Ukraine in particular.

SpyEye developers arrested in 2013

Two developers of the SpyEye banking malware had already been arrested. Aleksandr Andreevich Panin, who admitted being the main developer of the malware, was caught at the Hartsfield-Jackson Atlanta International Airport on July 1, 2013, upon returning from a vacation in the Dominican Republic.

Hamza Bendelladj, who played a critical part in developing and marketing the threat, was extradited from Thailand to the US on May 2, 2013, during a transit from Malaysia to Egypt.

SpyEye is estimated to have infected at least 1.4 million machines across the globe and was sold to more than 150 cybercriminals for prices between $1,000 / €890 and $8,500 / €7,600.