Published: Wed, March 28, 2018
Entertaiment | By Paul Elliott

Spanish police nab alleged 'mastermind' of bank hacks

Spanish police nab alleged 'mastermind' of bank hacks

Europol said in an announcement on Monday that just the Cobalt malware alone allowed the crooks to steal up to €10 million per heist.

Steven Wilson, Head of Europol's European Cybercrime Centre (EC3), said: "This global operation is a significant success for worldwide police cooperation against a top level cybercriminal organisation".

The leader of Russian-Ukrainian cybercrime gang Carbanak, allegedly responsible for stealing billions of Euros from hundreds of banks, has been arrested in Spain.

The gang's leader, whose identity remains undisclosed, was arrested in Alicante, Spain "after a complex investigation conducted by the Spanish National Police, with the support of Europol, the US FBI, the Romanian, Moldovan, Belarussian and Taiwanese authorities and private cyber security companies".

Denis K. reportedly used financial platforms in Gibraltar and the United Kingdom to load prepaid cards with bitcoin and spend them in Spain on cars, homes and other goods.

Officials say the gang - known as both the "Anunak" and "Carbanak" gang, referring to two strains of malware developed by the group - has been tied to attacks involving both Carbanak as well as Cobalt malware.

This malware later evolved into the now well-known Carbanak strain, which was used until 2016. The criminals would send out to bank employees spear phishing emails with a malicious attachment impersonating legitimate companies.

Cash was extracted using one of three systems.


After 2016, the threat actors extended their reach to include malware based on the Cobalt Strike penetration testing software, which also permitted the remote control of victim PCs, leading to the infection of servers which control ATMs. Once downloaded the software would allow the cybercriminals free access to remotely control the victim's machines and then infect the servers controlling the ATMs.

However, with the ring-leader arrested the gang is nearly certainly out of business: the as-yet-unnamed leader was responsible for developing the malware, so without him, the cyber criminal group may have lost the brains of the operation.

Moreover, the release indicates that Europol and other investigation agencies couldn't have succeeded had it not been for its cooperation with private sector entities, namely the European Banking Federation (EBF).

"This is the first time that the EBF has actively cooperated with Europol on a specific investigation", says Wim Mijs, CEO of the EBF.

Steven Wilson, Head of Europol's European Cybercrime Centre (EC3), said: "This global operation is a significant success for worldwide police cooperation against a top level cybercriminal organisation".

"They then take the money and convert it into cryptocurrencies".

Ross Rustici, senior director of intelligence services at Cybereason, called this "positive news for cybersecurity across the globe" as the manner in which this individual was caught continues to demonstrate the importance of public-private partnerships and the global nature of cybercrime.

They'd use the e-payment network to transfer money into criminal accounts.

Like this: