Feds Bust Zeus Financial Cybercrime Ring - InformationWeek

InformationWeek is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Government // Cybersecurity

Feds Bust Zeus Financial Cybercrime Ring

Group allegedly swindled $3 million using malware, botnets, and "money mules."

Strategic Security Survey: Global Threat, Local Pain
(click for larger image and for full photo gallery)
Federal and state authorities announced Thursday that they have charged numerous people in connection with a global cybercrime scheme using the Zeus financial malware toolkit to steal $3 million from U.S. bank accounts. The investigation was dubbed "Operation ACHing Mule," alluding to the attackers' use of Automatic Clearing House fraud, as well as "money mules" to move money.

According to Manhattan district attorney Cyrus Vance Jr., "this advanced cybercrime ring is a disturbing example of organized crime in the twenty-first century -- high-tech and widespread."

All told, charges were filed against 37 defendants -- in 21 separate cases -- ranging from using bank accounts with false names, to stealing money from accounts that were compromised via botnets and malware, including the Zeus (aka Zbot) financial malware toolkit.

The investigation commenced after questionable banking activity, according to Raymond W. Kelly, commissioner of the New York Police Department. "After NYPD detectives entered a Bronx bank in February to investigate a suspicious $44,000 withdrawal, it soon became evident that it was just the tip of an international iceberg."

According to complaints unsealed Thursday in Manhattan federal court, the malware attacks emanated from eastern Europe. Attackers sent malware-laden emails to numerous recipients, infecting some of their PCs with keystroke-monitoring software, which recorded their log-in credentials as they accessed financial websites.

According to prosecutors, "the hackers responsible for the malware then used the stolen account information to take over the victims' bank accounts, and make unauthorized transfers of thousands of dollars at a time to receiving accounts controlled by the co-conspirators."

The arrests appear to be part of a larger, global operation that also included New Scotland Yard, which on Thursday announced that it had charged 11 people in the United Kingdom with conspiracy to defraud, and money laundering.

"Reading between the lines, it's possible that the authorities believe that those arrested in the U.K. are ringleaders of the gang, and the U.S. arrests are mostly the 'money mules' who were used to actually convert stolen details into cash," said Graham Cluley, senior technology consultant at Sophos.

Since withdrawing money from abroad can trigger fraud alerts, attackers often use money mules located in the same country as victims, he said.

We welcome your comments on this topic on our social media channels, or [contact us directly] with questions about the site.
Comment  | 
Print  | 
More Insights
InformationWeek Is Getting an Upgrade!

Find out more about our plans to improve the look, functionality, and performance of the InformationWeek site in the coming months.

Pandemic Responses Make Room for More Data Opportunities
Jessica Davis, Senior Editor, Enterprise Apps,  5/4/2021
10 Things Your Artificial Intelligence Initiative Needs to Succeed
Lisa Morgan, Freelance Writer,  4/20/2021
Transformation, Disruption, and Gender Diversity in Tech
Joao-Pierre S. Ruth, Senior Writer,  5/6/2021
White Papers
Register for InformationWeek Newsletters
Current Issue
Planning Your Digital Transformation Roadmap
Download this report to learn about the latest technologies and best practices or ensuring a successful transition from outdated business transformation tactics.
Flash Poll