According to a press release published by Europol on 26 March 2018, the leader of a cybercrime syndicate that infiltrated more than 100 financial institutions in 40 countries was recently arrested.
The takedown followed a long and complex investigation by a combined global law enforcement effort spanning Europol, the US FBI, the Romanian, Moldovan, Belarusian and Taiwanese authorities, and private cyber security firms.
The criminal organisation's activity began in 2013 with the Anunak malware campaign, which targeted the financial transfer systems and ATM networks of institutions worldwide. The Anunak code was improved upon and evolved into Carbanak, which was used until 2016, when the tooling was upgraded again into a more sophisticated version built on the Cobalt Strike penetration-testing software.
The campaign achieved its large-scale intrusions through phishing emails sent to employees of financial institutions. The emails impersonated legitimate companies and carried malicious attachments. If the targeted employee opened the attachment, malicious software was installed that silently gave the attackers remote control of the victim's computer. From that foothold they moved into the bank's internal networks and ultimately infected the servers that control ATMs.
ATMs were then remotely commanded to dispense cash at a pre-determined time, at which members of the gang were waiting to collect it. Stolen funds were also moved into criminal accounts over e-payment networks, and money mules withdrew cash from compromised accounts whose balances had been artificially inflated by directly modifying account information in the bank's infected databases.
To launder the proceeds, the gang converted them into cryptocurrencies and used them to purchase luxury goods.
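The inflated-balance technique works because the stored balance is edited directly in the database rather than through booked transactions, so the balance no longer agrees with the account's transaction history. The control that catches this is a reconciliation pass that recomputes every balance from the journal and flags accounts whose stored balance exceeds what the journal can explain. The following is an added example written for this page, not code from Europol or from any of the banks involved; the account numbers, amounts and the `Txn` record type are constructed for illustration.

```python
from dataclasses import dataclass
from decimal import Decimal


@dataclass(frozen=True)
class Txn:
    """One booked journal entry: positive amount = credit, negative = debit."""
    account: str
    amount: Decimal


# Constructed sample data (hypothetical, not from the Europol release).
# STORED_BALANCES is the balance table as an attacker-modified database
# might present it; JOURNAL is the transaction history that should
# account for every balance.
STORED_BALANCES = {
    "ACC-1001": Decimal("1500.00"),
    "ACC-1002": Decimal("250000.00"),  # edited directly in the DB, no entries back it
    "ACC-1003": Decimal("80.00"),
}

JOURNAL = [
    Txn("ACC-1001", Decimal("2000.00")),
    Txn("ACC-1001", Decimal("-500.00")),
    Txn("ACC-1002", Decimal("1000.00")),
    Txn("ACC-1003", Decimal("100.00")),
    Txn("ACC-1003", Decimal("-20.00")),
]


def recompute_balances(journal):
    """Sum the journal per account; this is what each balance *should* be."""
    totals = {}
    for t in journal:
        totals[t.account] = totals.get(t.account, Decimal("0")) + t.amount
    return totals


def find_unexplained_balances(stored, journal, tolerance=Decimal("0.00")):
    """Return {account: (stored, journal_supported)} for every account whose
    stored balance exceeds the journal-derived balance by more than tolerance.

    Only upward discrepancies are flagged here because that is the fraud
    pattern described above (inflated balances cashed out by mules); a
    production reconciliation would report mismatches in either direction.
    """
    recomputed = recompute_balances(journal)
    flagged = {}
    for acct, bal in stored.items():
        expected = recomputed.get(acct, Decimal("0"))
        if bal - expected > tolerance:
            flagged[acct] = (bal, expected)
    return flagged


if __name__ == "__main__":
    for acct, (bal, expected) in find_unexplained_balances(STORED_BALANCES, JOURNAL).items():
        print(f"{acct}: stored {bal} but journal supports only {expected}")
```

Run periodically (and independently of the core banking host, since that host may itself be compromised), this check turns a silent database edit into an alert before the mules reach the ATM. Using `Decimal` rather than floats keeps the comparison exact for currency amounts.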