Cybersecurity

A law firm in Washington, D.C., and a law office in Wellesley, Massachusetts, are among the victims of malware attacks by an overseas cybercrime network.

The law firms were not identified in a Department of Justice press release announcing the dismantling of the cybercrime network in an international law enforcement operation. The American Lawyer and the Associated Press have coverage. The May 16 press releases are here and here.

Other U.S. victims included a Mississippi casino, a Kentucky stud farm and a Texas church.

The cybercrime operation used GozNym malware to infect computers and capture banking login credentials. The conspirators allegedly created lookalike internet pages for the victims’ financial institutions. They then accessed the bank accounts and transferred money, converting it to bitcoin.

Members of the network are being prosecuted in four different countries. In the United States, indictments have been filed in the Western District of Pennsylvania. Prosecutions also are pending in the countries of Ukraine, Moldova and Georgia.

Bulgarian authorities arrested one of the accused men, Krasimir Nikolov, and extradited him to the United States in December 2016. Ten others have been charged, including five Russians who remain at large. Alexander Konovolov of Tbilisi, Georgia, is the alleged network ringleader.

According to the indictment, filed April 17, the conspirators sent a phishing email in February 2016 to the D.C. law firm from the “Quicken Billpay-center.” The recipient was directed to click a link to view the invoice. Clicking the link caused the GozNym malware to be downloaded onto the recipient’s computer.

About nine days later, one of the defendants used the recipient’s credentials to gain access to a Bank of America account. The defendant tried to access $97,520, resulting in a loss of $76,178.

A defendant who used GozNym to capture banking credentials at the Wellesley, Massachusetts, law office gained access to a Brookline Bank account using online banking login credentials. The defendant transferred $41,000 from the account.