International law enforcement investigators have made a number of high-profile arrests after tracking a major cybercrime group for more than four years. A joint investigation team (JIT), spearheaded by French authorities, formed in 2019 to bring down a ransomware group linked to major attacks across the world.

Announcing the news today, Europol said that five individuals were arrested, including the 32-year-old leader of the group and four of its "most active accomplices." A virtual command post was also established in Europol's Netherlands headquarters, where data taken from the property raids was analyzed "immediately." Europol said today in a press release that the arrests led to the "dismantlement" of the group.

The arrests follow 12 that were made in 2021, two years after the JIT was first assembled. Members of the same group were arrested in Ukraine and Switzerland, and key electronic devices were seized for forensic analysis, along with $52,000 in cash and five luxury vehicles. The seizure of the electronic devices and their subsequent analysis led to the identification of the key members arrested last week. Europol said "a number of operational sprints [had] been organized," heavily involving the Norwegian authorities over the past two years to analyze the devices.

Asked why the arrests have come so long after the initial seizure, a spokesperson told The Register that it takes time to gather enough evidence to prosecute cybercriminals. "Whenever you do all the forensic work, you uncover other leads, but open up the investigation that feeds into other existing investigations. That's why we were only able to do the second round of actions now." Europol believes this didn't slow investigations down at all, but the operation had to be reorganized.

The names of those arrested have not been released, and the ransomware group itself doesn't behave like LockBit, AlphV/BlackCat or Rhysida.
The cybercriminals were well-resourced and used multiple different strains to attack their targets. Europol said the group had attacked more than 250 servers belonging to organizations in 71 countries, netting the group hundreds of millions of euros in the process. The group isn't tracked with a moniker, as many repeat offenders are, but it is responsible for major historical attacks, perhaps most notably the ransomware incident at Norsk Hydro.

The spokesperson said the arrested cybercriminals were not core members of any of the organizations behind the ransomware strains they used. Some were responsible for the actual intrusion into victims' systems, while others specialized in areas such as money laundering - a branch of ransomware operations that's also under close examination by global authorities.

"Those responsible for breaking into networks did so through techniques including brute force attacks, SQL injections, and sending phishing emails with malicious attachments in order to steal usernames and passwords," Europol said. "Once inside the networks, the attackers remained undetected and gained additional access using tools including TrickBot malware, Cobalt Strike, and PowerShell Empire, in order to compromise as many systems as possible before triggering ransomware attacks."
This Cyber News was published on www.theregister.com. Publication date: Thu, 30 Nov 2023 23:19:27 +0000