US authorities announced Thursday that they have dismantled “the world’s largest ever botnet”, which is allegedly responsible for Covid insurance fraud of nearly $6bn.
The Department of Justice has arrested YunHe Wang (35), a Chinese citizen, and confiscated luxury watches, over 20 properties, and a Ferrari. Wang, along with others, operated networks called “911 S5” that spread ransomware through infected emails from 2014 to 2020. Wang is said to have made $99m from licensing his malware. The network is alleged to have raked in $5.9bn from fraudulent unemployment claims made to Covid relief programs.
Matthew Axelrod, assistant secretary of the US Commerce Department for export enforcement, said that the conduct described here was like something out of a movie.
Wang could face up to 65 years in prison on the following charges: conspiracy to perpetrate computer fraud, substantive fraud by computer, conspiracy to perpetrate wire fraud, and conspiracy to launder money.
The European Union’s justice agencies and police referred to the operation as the largest international operation ever against cybercrime.
Eurojust, the European Union’s agency for judicial co-operation, announced on Thursday that four “high-value” suspects were arrested, more than 100 servers were taken down, and more than 2,00 domains seized.
Eurojust reported that this week's massive takedown, codenamed Endgame, involved coordinated actions in Germany, France, Denmark, Ukraine, the United States, and the United Kingdom. Three suspects have also been arrested in Ukraine, and one in Armenia. Europol, the EU’s police agency, said that searches were conducted in Ukraine, Portugal, the Netherlands, and Armenia.
This is the latest international effort to disrupt malware and ransomware. Eurojust reported that the operation followed the massive 2021 takedown of a botnet called Emotet. A botnet is an organized network of computers that are hijacked and used to carry out malicious activities.
Europol has promised that this will not be the final takedown.
“Operation Endgame doesn’t end today.” Europol announced in a press release that new actions would be announced via the Operation Endgame website.
The Dutch police estimated that the financial damages caused by the network to governments, businesses and individual users amounted to hundreds of millions of euros.
The Dutch statement said that “millions of other people are also victims, because their systems have been infected and they became part of these botnets.”
Eurojust reported that one of the suspects earned cryptocurrency worth at least €69m ($74m) by renting out criminal infrastructure used to spread ransomware.
Europol said that the suspect’s transactions were constantly monitored, and a legal authorization to seize assets in future actions had already been granted.
The operation targeted malware “droppers”, including IcedID, Pikabot, Smokeloader, Bumblebee and Trickbot. Droppers are malicious programs that spread through emails with infected links or attachments, such as shipping invoices and order forms.
Europol stated that “this approach had a worldwide impact on the dropper eco-system.” The malware, whose infrastructure was taken down during the action days, was a catalyst for attacks with ransomware and other malicious software.
The Dutch police warned cybercriminals to be aware that they could be caught.
Stan Duijf of the Dutch national police said in a video that “this operation proves you always leave traces, no one is unfindable even online.”
Martina Link described the operation as “the largest international cyber-police operation to date”.
She said that “thanks to intensive international collaboration, it was possible for six of the largest malware families to be rendered harmless.”
Seven people are wanted by German authorities on suspicion that they were members of an illegal organization with the goal of spreading the Trickbot malware. An eighth person is suspected of being one of the leaders of the group behind Smokeloader.
Europol has added eight German suspects to its Most Wanted list.
This content was published by Stockmark.IT.