In a series of targeted malware attacks that began in 2013, a “cybercrime gang” of hackers stole over €1 billion (or about $1.6 billion) from banks worldwide. On Monday, the European Union Agency for Law Enforcement Cooperation (Europol) announced they’d arrested the gang’s apparent leader in Spain. In a statement, Europol officials say they coordinated with law enforcement agencies across the globe, including the FBI, the European Banking Federation, as well as police in Spain, Romania, Belarus and Taiwan.
The Carbanak group, alternatively known as Anunak or Cobalt, attacked over 100 banks in 40 different countries using complex malware schemes that took over banks. In an infographic, Europol described how group pulled off the sophisticated heists. (Of course, it started with emails.)
First, bank employees were sent phishing emails that infected their machines with malware. The malware spread to the bank’s servers and eventually ATMs, which were then programmed to spit out cash at pre-determined times. With control of the servers and ATMs, money was cashed out in three different ways. Members of the group waited to scoop up the cash being spit out by ATMs, and money from the banks was wired into criminal accounts. The group also compromised databases with account information by inflating account balances, then skimming off the difference for themselves before anyone noticed. Europol says with each heist the group stole upwards of €10 million (or about $16 million). According to Europol’s press release, the money was “also laundered via cryptocurrencies, by means of prepaid cards linked to the cryptocurrency wallets which were used to buy goods such as luxury cars and houses”.
Police have not named the person they have arrested, however securities experts found Anunak had ties to both Russia and the Ukraine in 2014.