Since the crime group began its cyberattacks in 2013, they've hit more than 100 financial institutions in 40 countries around the world. They're said to have stolen over $1.2 billion. The crime group started with a malware campaign called Anunak, which later led to more sophisticated versions known as Carbanak and, later, Cobalt. The team would send phishing emails with malicious attachments to bank employees, and once the malware was downloaded, it gave the hackers control over the banks' machines and access to servers that controlled ATMs.
They used three main methods to fraudulently obtain cash. In some cases, they would instruct ATMs to dispense cash at certain times and members of the crime group would wait nearby and grab the cash once it was released. They also took advantage of money transfer systems and in other instances, would inflate bank balances and have money mules withdraw that amount from ATMs. The stolen cash was ultimately laundered with cryptocurrencies.
"This global operation is a significant success for international police cooperation against a top level cybercriminal organisation," Steven Wilson, head of Europol's European Cybercrime Centre, said in a statement. "The arrest of the key figure in this crime group illustrates that cybercriminals can no longer hide behind perceived international anonymity. This is another example where the close cooperation between law enforcement agencies on a worldwide scale and trusted private sector partners is having a major impact on top level cybercriminality."