GozNym Trojan creators sentenced for stealing more than $100 million


Hackers behind the GozNym virus, which was used to steal money from U.S. companies, were sentenced to between five and seven years in prison

Members of the cybercrime group got sentenced

The hacker group that affected 41,000 computers in businesses and financial institutions between 2015 and 2016 has been sentenced.[1] The people responsible for the GozNym banking Trojan[2] attacks, during which $100 million was stolen from businesses in the U.S., faced charges in multi-national prosecutions in Pittsburgh and Tbilisi, Georgia.[3]

According to a press release from Europol,[4] 10 members of the criminal network faced the jury back in May for infecting computers with the banking trojan, which captured banking logins, and for using the stolen data to gain access to online accounts. This method allowed the hackers to transfer funds from victims to their own bank accounts.

The scheme of the GozNym banking trojan attacks showed the unprecedented way how law enforcement officers around the world could no longer operate and prosecute cybercriminals. During the attacks, the malware was delivered with the help of malspam campaigns. Victims included hundreds of thousands of individual users and organizations.

Members of the hacker group were sentenced separately

In court on Friday, Bulgarian citizen Krasimir Nikolov, who had already been serving for 39 months, was sentenced to additional time on charges of criminal conspiracy, bank fraud, and computer fraud. He was the main account specialist who used banking credentials to transfer money from victims’ accounts to hacker-controlled ones. He was sentenced in Pittsburgh, Pennsylvania, and is going to be transferred to Bulgaria to serve out the sentence.

The other two members of the hacker group, Alexander Konovolov and Marat Kazandjian, were also arrested and prosecuted in Georgia, and were sentenced to seven and five years of imprisonment, respectively. Alexander was the head of this criminal organization and the one who started and controlled the network that infected 41,000 computers, so his sentence is two years longer than that of his assistant, Marat.

An FBI agent and computer scientists from the Pittsburgh Field Office testified at the trial. In addition, the prosecution had evidence that the FBI and the U.S. Attorney’s Office obtained in a parallel investigation. The GozNym attack was successful because of the cooperation between cybercrooks in many countries, including ones like Russia that have no extradition agreements with the U.S., so such arrests are essential. Still, it is difficult to change the landscape of digital crime.[5]

The functionality of malware as a service

The GozNym network was an example of a cybercrime-as-a-service operation that relied on different criminal services:

  • cyberattacks;
  • bulletproof hosters;
  • money mule networks;
  • spammers;
  • coders;
  • organizers;
  • technical support.

The people behind the malware advertised their skills and services on underground, Russian-language online forums for criminals. The group was formed when needed, and its members were recruited from such platforms.

Konovolov assembled the team of elite cybercriminals charged in the Indictment, in part by recruiting them through underground online criminal forums.

The GozNym criminal group used the hosting service of the Avalanche network, which provided this service to more than 200 hacker groups and was involved in at least twenty different malware campaigns.[6]