Europol Arrested GozNym Malware Actors in Simultaneous International Operation


  • GozNym actors were caught in the net of Europol’s intelligence during an international operation.
  • The police made ten arrests across Moldova, Ukraine, Bulgaria, Georgia, and the United States.
  • The group had tried to steal about $100 million from 41000 targets.

In what Europol characterizes as “an unprecedented, international law enforcement operation”, law enforcement has dismantled a complex network of cybercrime actors, arresting ten as its members and accusing them of conspiring to commit the following three things:

  • infecting victims’ computers with GozNym malware designed to capture victims’ online banking login credentials;
  • using the captured login credentials to fraudulently gain unauthorized access to victims’ online bank accounts;
  • stealing money from victims’ bank accounts and laundering those funds using U.S. and foreign beneficiary bank accounts controlled by the defendants.

The actors already have a rich history of extensive action against thousands of victims. More specifically, it is estimated that they have targeted more than 41000 targets, including individuals, organizations, businesses, and financial institutions. From these targets, the group tried to steal approximately $100 million, some of which they managed to pocket.

The report places the leader in Tbilisi, Georgia. The leader bought the malware from a developer in Russia and then recruited accomplices, found by searching darknet forums, who helped launch the attacks. Those who covered the group’s tracks were in Kazakhstan and Moldova, doing “crypting” work for the malware that was used. Finally, spammers in Russia were responsible for propagating the infection by sending hundreds of thousands of phishing email messages to potential victims. The group operated like a well-oiled machine, but unfortunately for them, they were racing against the devotion and perspicacity of Europol’s agents.

The international operation, which was led by Europol and engaged local police forces in various countries, took place in Moldova, Ukraine, Bulgaria, Georgia, and the United States. As Europol points out, this is the result of a long-term collaborative effort with the European Union’s Judicial Cooperation Unit, as well as law enforcement in the countries involved. Of course, specific banking information was also used by Europol for the tracking of the actors.
