Europol, US seize website domains, luxury goods in $6 billion cybercrime

American authorities announced Thursday that they had dismantled the “largest botnet in the world ever created”, allegedly responsible for nearly $6 billion in Covid insurance fraud.

The Justice Department arrested a Chinese national, YunHe Wang, 35, and seized luxury watches, more than 20 properties and a Ferrari. The networks allegedly operated by Wang and others, dubbed “911 S5,” spread ransomware via infected emails from 2014 to 2022. Wang reportedly amassed a $99 million fortune by licensing his malware to other criminals. The network allegedly harvested $5.9 billion in fraudulent unemployment claims from Covid relief programs.

“The alleged conductor here reads like it’s taken from a script,” said Matthew Axelrod, U.S. assistant secretary for export enforcement at the Commerce Department.

Wang faces up to 65 years in prison if convicted of the charges against him: conspiracy to commit wire fraud, substantive wire fraud, conspiracy to commit wire fraud and conspiracy to commit money laundering.

Police, coordinated by the European Union’s justice and police agencies, also called it the largest international operation ever against this lucrative form of cybercrime.

The European Union’s judicial cooperation agency Eurojust said Thursday that police had arrested four “high-value” suspects, taken down more than 100 servers and taken control of more than 2,000 internet domains.

This week’s massive takedown, dubbed Endgame, involved coordinated action in Germany, the Netherlands, France, Denmark, Ukraine, the United States and the United Kingdom, Eurojust said. Additionally, three suspects were arrested in Ukraine and one in Armenia. Searches were carried out in Ukraine, Portugal, the Netherlands and Armenia, European police agency Europol added.

This is the latest international operation to disrupt malware and ransomware operations. It follows the mass takedown in 2021 of a botnet called Emotet, Eurojust said. A botnet is a network of hacked computers typically used for malicious purposes.

Europol has promised that this will not be the last dismantling.

“Operation Endgame does not end today. New actions will be announced on the Operation Endgame website,” Europol said in a statement.

Dutch police said the financial damage caused by the network to governments, businesses and individual users was estimated at several hundred million euros.

“Millions of people are also victims because their systems have been infected, making them participate in these botnets,” the Dutch statement said.

Eurojust said one of the main suspects earned cryptocurrency worth at least 69 million euros ($74 million) by renting criminal infrastructure to spread ransomware.

“The suspect’s transactions are constantly monitored and legal authorization to seize these assets in future actions has already been obtained,” Europol added.

The operation targeted malware “droppers” called IcedID, Pikabot, Smokeloader, Bumblebee and Trickbot. A dropper is malware typically spread in emails containing infected links or in attachments such as shipping invoices or purchase orders.

“This approach has had a global impact on the dropper ecosystem,” Europol said. “The malware, whose infrastructure was removed during the days of action, facilitated attacks with ransomware and other malware.”

Dutch police warned that these actions should alert cybercriminals that they could be arrested.

“This operation shows that we always leave traces, no one is untraceable, even online,” Stan Duijf of the Dutch National Police said in a video statement.

The deputy director of Germany’s federal criminal police, Martina Link, described it as “the largest international cyber police operation to date.”

“Thanks to intensive international cooperation, it was possible to render six of the largest malware families harmless,” she said in a statement.

German authorities are requesting the arrest of seven people suspected of being members of a criminal organization whose aim was to spread Trickbot malware. An eighth person is suspected of being one of the leaders of the group behind Smokeloader.

Europol announced it was adding the eight suspects wanted by Germany to its most wanted list.
