They ran ransomware attacks in 71 countries; this group of Ukrainian hackers is now behind bars


Camille Coirault

December 10, 2023 at 2:04 p.m.


A very well coordinated raid carried out throughout Ukraine © Valery Evlakhov / Shutterstock

Europol and Eurojust worked with law enforcement agencies from seven countries to dismantle a Ukrainian cybercriminal network. Its main members have now been caught by the justice system, after organizing numerous ransomware attacks in 71 different countries. The team was certainly more modest than the one behind Ragnar Locker, but its potential was just as devastating. This is a splendid victory for global cybersecurity.

Criminal methodology and international impact

The criminals in question had a fairly large and sophisticated arsenal of ransomware: LockerGoga, HIVE, MegaCortex and Dharma, each with different functions, which allowed them to act in the shadows before launching their attacks. Their methods included stealing credentials, using SQL (Structured Query Language) to manipulate databases, and running phishing campaigns.

Once the systems were compromised, the attackers had specialized tools to spread into other systems: Cobalt Strike (a penetration testing tool diverted from its original use), PowerShell Empire (a remote control framework) and TrickBot (malware that steals financial information).


A hacker group that had been active for several years © Maksim Shmeljov / Shutterstock

International response and arrests

Starting on November 21, several raids resulted in the seizure of crypto assets, vehicles and computer equipment. France, Norway, Switzerland, Germany, the Netherlands and the United States were among the countries that collaborated with the Ukrainian police. Europol, for its part, established a virtual command center in the Netherlands. The 32-year-old mastermind of the group and his four accomplices were arrested.

The first alarm about this network, however, dates from 2019 and came from the French authorities (cocorico!), who encouraged other international agencies to collaborate in tracking the group. In 2021, 12 other people linked to the same group were also arrested.

This large-scale operation proves once again how important cooperation between countries is in fighting this type of network on equal terms. Despite the complex situation in Ukraine, the arrests were a success. Even though the group is not as big as the famous LockBit (which just took on Boeing), ending its activities was necessary.

Source: Bleeping Computer


