Huge crime spree brought to a halt Russian police are reported to have arrested the gang behind the notorious Carberp Trojan used to steal hundreds of millions of roubles from online bank customers during one of the most notorious cybercrime campaigns ever to hit the country.In a major police operation, The Federal Security Service (FSB) and Ministry of the Interior (MVD) are said to have swooped on the gang’s ringleaders, two Moscow-based brothers in their late 20s, one of whom was wanted for real estate fraud.Six accomplices of the pair were also detained.“Our experts did an enormous amount of work, which resulted in identifying the head of this criminal group, the owner and operator of a specialised banking botnet, identifying the control servers, and identifying the directing of traffic from popular websites in order to spread malware infection,” said Ilya Sachkov, CEO of Group-IB, a security firm that helped investigate the gang’s attacks. “The investigations conducted by our Forensics Lab confirmed the use of the Win32/Carberp and Win32/Rdpdor malware by the criminals in order to carry out theft of funds.”The gang also conducted DDoS attacks, Sachkov said. Police seem confident that they have netted the entire gang. Often associated with Blackhole Exploit Kit, Carberp achieved notoriety across the online banking world as a follow-up attack in the aftermath of the infamous Zeus Trojan of 2010.In its signature Russian attacks, the Trojan would steal online logins, which allowed the criminals to transfer sums to mule accounts from where it was removed using ATM transactions.What marked the Carberp gang out from the start was the apparent impunity with which it attacked ordinary Russians, something that made it public enemy number one in the country. Up to 130 banks around the world were affected, with at least 130 million roubles (APS2.8 million) stolen in a recent three-month period in Russia alone.Worldwide, in the 18 months of its operation Carberp was probably making the gang millions of dollars per month, some of which was cycled back into other cybercrime campaigns.The full extent of the gang’s activities has still to be established but could take in other high-profile Russian malware activities. Related content news UK government plans 2,500 new tech recruits by 2025 with focus on cybersecurity New apprenticeships and talent programmes will support recruitment for in-demand roles such as cybersecurity technologists and software developers By Michael Hill Sep 29, 2023 4 mins Education Industry Education Industry Education Industry news UK data regulator orders end to spreadsheet FOI requests after serious data breaches The Information Commissioner’s Office says alternative approaches should be used to publish freedom of information data to mitigate risks to personal information By Michael Hill Sep 29, 2023 3 mins Government Cybercrime Data and Information Security feature Cybersecurity startups to watch for in 2023 These startups are jumping in where most established security vendors have yet to go. By CSO Staff Sep 29, 2023 19 mins CSO and CISO Security news analysis Companies are already feeling the pressure from upcoming US SEC cyber rules New Securities and Exchange Commission cyber incident reporting rules don't kick in until December, but experts say they highlight the need for greater collaboration between CISOs and the C-suite By Cynthia Brumfield Sep 28, 2023 6 mins Regulation Data Breach Financial Services Industry Podcasts Videos Resources Events SUBSCRIBE TO OUR NEWSLETTER From our editors straight to your inbox Get started by entering your email address below. Please enter a valid email address Subscribe