"Avalanche" network dismantled in international cyber operation

21:20, 01 December 2016

Law enforcers from 30 countries have successfully completed a special operation aimed at dismantling an international criminal infrastructure platform known as "Avalanche", and three Ukrainians were arrested, Ukraine’s Prosecutor General Yuriy Lutsenko has told a joint briefing with the acting chief of Ukraine's police, Vadym Troyan.


At the final stage of the operation, the Ukrainian police's KORD special operations forces were engaged to detain the organizer of the network in the Ukrainian city of Poltava. “During the search at the detainee’s premises, the law enforcers seized computer equipment worth $72,000 and other devices,” Lutsenko said.

The acting chief of Ukrainian police added that the criminal organization consisted of 27 people from different countries, of whom ten people were Ukrainian citizens.

In a joint press release, Eurojust and Europol say that the investigation lasted more than four years and also involved German and U.S. prosecutors, the U.S. Department of Justice and the FBI, Eurojust, Europol and other partners.

"The Avalanche network was used as a delivery platform to launch and manage mass global malware attacks and money mule recruiting campaigns. It has caused an estimated EUR 6 million in damages in concentrated cyberattacks on online banking systems in Germany alone. In addition, the monetary losses associated with malware attacks conducted over the Avalanche network are estimated to be in the hundreds of millions of euros worldwide, although exact calculations are difficult due to the large number of malware families managed through the platform," reads the release.

A total of "five individuals were arrested, 37 premises were searched, and 39 servers were seized. Victims of malware infections were identified in over 180 countries."

On the action day, Europol hosted a command post at its headquarters in The Hague. From there, representatives of the involved countries worked together with Europol’s European Cybercrime Centre and Eurojust officials to ensure the success of such a large-scale operation.

The criminal groups have been using the Avalanche infrastructure since 2009 for conducting malware, phishing and spam activities. They sent more than 1 million e-mails with damaging attachments or links every week to unsuspecting victims.

Millions of private and business computer systems were infected with malware, enabling the criminals operating the network to harvest bank and e-mail passwords.

The money mule schemes operating over Avalanche involved highly organized networks of 'mules', who purchased goods with stolen funds, enabling cybercriminals to launder the money they acquired through the malware attacks or other illegal means.

Over 130 TB of captured data was analyzed and the server structure of the botnet was identified, allowing for the shutdown of thousands of servers and, effectively, the collapse of the entire criminal network.

The law enforcers note that this action will not clean malware off any infected computers – it will merely deny the Avalanche users' ability to communicate with infected victims' computers. Avalanche victims' computers will still be infected, but shielded from criminal control.
