Advertisement
Subscribe to our daily newsletter.
Subscribe

Cybercrime gang leader who caused ATMs to spit cash is arrested

Europol has caught another notorious hacker in Spain.

By

(Getty)

The leader of Russian-Ukrainian cybercrime gang Carbanak, allegedly responsible for stealing billions of euros from hundreds of banks, has been arrested in Spain.

Over the last five years, the “Carbanak” group has stolen roughly 1.2 billion euros from more than 100 financial institutions, according to a dual announcement Monday by Europol and police in Spain. Carbanak is the name for the cybercrime group as well as its characteristic hacking tool: a malware framework designed to allow the attacker to covertly move money around between different bank accounts.

An individual leading the criminal entity was recently arrested, but police have yet to release their name. At least two other members of Carbanak were also reportedly arrested in a related investigation.

In various cases, Carbanak was able to successfully spearphish banking employees. These breaches saw complex malware spread inside the companies, redirecting funds from legitimate accounts to ATM machines in Eastern Europe which would then dispense cash to “money mules” waiting on the ground.

Advertisement

When Carbanak infects a system, it allows for complete remote access, including the ability to record keystrokes and gain access to the computer’s video camera, according to prior research by cybersecurity companies Kaspersky Lab, IB Group and FireEye. There has been multiple iterations of the Carbanak malware, meaning that the group was likely continuously developing and upgrading their toolset.

The arrest marks yet another high profile win for Europol after the law enforcement organization also arrested Russian hacker Peter Levashov, who ran the notorious Kelihos botnet, in Spain earlier this year.

Security researchers have been tracking Carbanak for years, attributing multiple breaches to their criminal activities. But until today, little was known publicly about who exactly was behind Carbanak. Often the group would convert their illicit gains into Bitcoin before purchasing assets, making them difficult to track.

Chris Bing

Written by Chris Bing

Christopher J. Bing is a cybersecurity reporter for CyberScoop. He has written about security, technology and policy for the American City Business Journals, DC Inno, International Policy Digest and The Daily Caller. Chris became interested in journalism as a result of growing up in Venezuela and watching the country shift from a democracy to a dictatorship between 1991 and 2009. Chris is an alumnus of St. Marys College of Maryland, a small liberal arts school based in Southern Maryland. He's a fan of Premier League football, authentic Laotian food and his dog, Sam.

In This Story

Advertisement
Advertisement

More Like This

Advertisement

Top Stories

Advertisement

More Scoops

RIO DE JANEIRO, BRAZIL – MARCH 01: An aerial view of the statue of Christ the Redeemer during the opening ceremony of the festivities in honor of the 90th anniversary of the statue on March 1, 2021 in Rio de Janeiro, Brazil. The monument was inaugurated in 1931, and the announcement of the festivities coincides with today’s date when the city of Rio de Janeiro celebrates 456 years. (Photo by Buda Mendes/Getty Images)

Potent Brazilian banking trojan resurfaces in South America, despite arrests that averted $4M theft

Latest Podcasts

Special CyberTalks Edition with National Cyber Director Harry Coker

Image of a microphone for a podcast series

Tackling AI-powered threats with zero trust and least privilege access

Securing the Skies: Aerospace Cybersecurity with David Brumley

Verizon’s Lamont Copeland on defending against the expanding attack surface

Government

Technology

Threats

Geopolitics