In the last five years, the group FIN17 targeted more than 100 financial institutions all over the world and effectively stole millions of dollars at a time.
“The criminal profits were laundered via cryptocurrencies, by means of prepaid cards linked to the cryptocurrency wallets which were used to buy goods such as luxury cars and houses,” Europol’s statement said.
The crime group manufactured the vicious Anunak malware in 2013 targeting bank ATMs worldwide, and later developed a more sophisticated cyber weapon, Carbanak. The software would be sent to bank employees via phishing emails with infected attachments which, once downloaded, gave the group remote access to control the machine and enter the internal banking network.
The money would be cashed out in three ways: a mule would wait at an ATM at a specific time when it was programmed to spit out money, e-transfers were initiated to transfer funds to the criminal organization from the banks, and account balances were inflated after which mules would collect the money manually.
The investigation took years and extensive collaboration between Europol, the FBI, the Joint Cybercrime Action Taskforce, the European Banking Federation, Spanish, Romanian, Moldovan, Belarusian, and Taiwanese authorities, and private cyber-security experts to track the group due to their concealment of the stolen funds in cryptocurrency.
Police have yet to give details on the leader other than that he is of Ukrainian origin. Three other Russian and Ukrainian nationals were also arrested in connection with the group.