Ukraine, Switzerland Arrest 12 Suspects of International Cybercrime

Published: 02 November 2021

nc3

Norwegian Police reported that one of the group’s victims was Norsk Hydro, a Norwegian renewable energy company and one of the world’s largest manufacturers of aluminium products. (Photo: Politiet - Norvegian Police)

By Henry Pope

Ukrainian and Swiss authorities arrested 12 individuals in an eight-country operation against a network of cybercriminals who have allegedly targeted over 1,800 victims across 71 states, Europol reported on Friday.

The group is suspected of being responsible for instigating ransomware attacks against critical infrastructure across the globe as well as large corporations.The European police agency said that the arrested individuals are considered high-value targets for their suspected role in several high-profile cyber attack cases.

Members of the network reportedly have used a variety of means in order to compromise their targets’ IT networks; including by deploying malware such as Trickbot; stealing user credentials; or through SQL injections (Structured Query Language), in which the hacker uses code to gain access to a database and steal valuable information.

Norwegian Police reported that one of the group’s victims was Norsk Hydro, a Norwegian renewable energy company and one of the world’s largest manufacturers of aluminium products.

The company was targeted by ransomware back in 2019 and refused to pay, though they still reportedly lost NOK 800 million (US$95 million) as a result of the attack.

Once they’ve locked a user or corporate enterprise out of their own files, such criminal networks will usually demand payment in the form of Bitcoin in exchange for the decryption keys.

When victims do pay, the hackers then funnel the Bitcoin through mixing services, which mix large groups of users’ coins together, thereby making tracking efforts near impossible, before finally absconding with their ill-gotten gains.

One of the suspected members, a Russian national, was arrested and extradited in October from South Korea to the U.S. to face charges for his alleged role in the transnational cybercriminal organization.

According to the indictment, from 2015-2020, Vladimir Dunaev, 38, used Trickbot to infect millions of computer systems in order to steal confidential information, ransom money, and destroy vital user files worldwide.

Reportedly, Dunaev allegedly performed a variety of developer functions for the criminal group, including managing the malware’s execution and concealment from security protocols, according to the U.S. Department of Justice (DOJ).

Another suspected member, Alla Witte, aka Max, 55, a Latvian national, was charged by the U.S. in June earlier this year on several counts to commit computer fraud, bank fraud, identity theft, and money laundering.

Dunaev faces a maximum penalty of 60 years’ imprisonment; the charges from Witte's 47-count indictment could see her serve a maximum sentence longer than a human being's natural lifespan.