US charges Russian man believed to be behind 'GOZ' botnet

By

Accused of stealing banking credentials, distributing ransomware

The US Justice Department has charged a Russian national with writing computer code used to compromise banking systems and assist others in stealing banking credentials.

US charges Russian man believed to be behind 'GOZ' botnet

The government has unsealed a 14-count indictment accusing Russian national Evgeniy Mikhaylovich Bogachev, who authorities said is known online as Lucky12345, of involvement in the creation of the Gameover Zeus, or GOZ botnet.

Authorities claim Bogachev and his group infected thousands of business computers with software that captured passwords, account numbers, and other information.

The botnet derives its name from a version of the Zeus credential-stealing software, which is said to have caused US$100 million (A$ 108 million) in losses to consumers and businesses since it first surfaced in 2007. 

The malware’s primary purpose was to capture banking credentials and is said to have infected between 500,000 and one million machines worldwide.

GOZ was also used to distribute Cryptolocker ransomware with criminals promising to unscramble data if the user paid them a ransom of as much as US$700 (A$757).

An international operation disrupted the crime ring. Authorities used technical and legal tactics to interrupt the so-called botnet's operations, shutting down the servers the criminals used to control infected machines and causing those machines to "phone home" to servers controlled by law enforcement.

“These schemes were highly sophisticated and immensely lucrative, and the cyber criminals did not make them easy to reach or disrupt,”  said Leslie Caldwell, who heads the US Justice Department's criminal division.

The US Department of Homeland Security set up a website to help victims remove the GOZ malware.

The European Cybercrime Centre also participated in the operation, along with Australia, Canada, France, Germany, Italy, Japan, Luxembourg, New Zealand, Ukraine and the United Kingdom.

Intel, Microsoft, security software companies F-secure, Symantec, and Trend Micro, and Carnegie Mellon University also supported the operation.

Got a news tip for our journalists? Share it with us anonymously here.
Tags:
cryptolockercybercrimemalwareransomwaresecurity

Sponsored Whitepapers

See everything. Do more.
See everything. Do more.
Lindentech Secures Digital Identity with Zero Trust and Microsoft Entra
Lindentech Secures Digital Identity with Zero Trust and Microsoft Entra
Diamond IT Delivers GRC Transformation with Microsoft Purview
Diamond IT Delivers GRC Transformation with Microsoft Purview
Linktech Powers Energy Trader’s Essential Eight Compliance in Just Eight Weeks
Linktech Powers Energy Trader’s Essential Eight Compliance in Just Eight Weeks
Byte Delivers Future-Ready IT: Transforming Endpoint Security and Productivity with a Cloud-First Strategy
Byte Delivers Future-Ready IT: Transforming Endpoint Security and Productivity with a Cloud-First Strategy

Events

Most Read Articles

India's alarm over Chinese spying rocks CCTV makers

India's alarm over Chinese spying rocks CCTV makers
Hackers abuse modified Salesforce app to steal data, extort companies

Hackers abuse modified Salesforce app to steal data, extort companies
Woolworths' CSO is Optus-bound

Woolworths' CSO is Optus-bound
Cyber companies hope to untangle weird hacker codenames

Cyber companies hope to untangle weird hacker codenames
techpartner.news logo
Dave Stevens on Brennan's evolution and the need for Aussie tech unity
Dave Stevens on Brennan's evolution and the need for Aussie tech unity
Sydney's ITKnocks on contact centre AI and the slow death of the IVR
Sydney's ITKnocks on contact centre AI and the slow death of the IVR
"It's an exciting time to be part of the health and aged care sector"
"It's an exciting time to be part of the health and aged care sector"
Insicon founder Matt Miller on the coming 'tsunami' of compliance and educating boards about cyber security
Insicon founder Matt Miller on the coming 'tsunami' of compliance and educating boards about cyber security
Orro claims Australia first with managed digital asset discovery service
Orro claims Australia first with managed digital asset discovery service

Log In

  |  Forgot your password?