Goznym Takedown Shows the Anatomy of a Modern Cybercriminal Supply Chain

For decades, the security industry has warned that the cybercriminal economy has been developing its own highly specialized, professional supply chain. But only when law enforcement tears the lid off a well-honed hacker operation—as they did today with the global Goznym malware crew—does the full picture of every interlinked step in that globalized crime network come into focus.


On Thursday, police in six countries along with the US Department of Justice and Europol announced the takedown of the Goznym malware operation—linked with another operation known as Avalanche, an associated cybercrime operation that was largely dismantled in 2016—including the arrest of five of its members across Ukraine, Moldova, Bulgaria, and Georgia. Five more alleged members remain at large in Russia. In total, the operation infected 41,000 computers with fraud-focused malware, and attempted to steal $100 million from victims in the US, though it's not clear exactly how much of that theft they successfully pulled off.


Speaking at a press conference today at Europol's headquarters in the Hague, global law enforcement hailed the arrests as an "unprecedented" example of international cooperation. But the indictment also details just how distributed and specialized the tasks of profit-focused hackers have become, composed largely of loosely associated freelancers, each responsible for a single step in the exploitation of victims. "You look at what happened here. What was Goznym? What was Avalanche?" asked Steven Wilson, the head of the European Cybercrime Centre. "This was a supermarket of cybercrime services. You're looking at coders, malware developers, bullet-proof hosters, a whole range of cybercrime services."


The indictment lays out that long chain of cybercrime specialists:


A Russian man, Vla ..