Europol has arrested 49 individuals across Europe accused of compromising business systems to conduct financial fraud and theft.
The joint operation between Europol's European Cybercrime Centre (EC3), Eurojust, and Italian, Spanish, Polish and UK law enforcement bodies took place on Wednesday. The operation resulted in the arrest of 49 individuals suspected of being part of the cybercrime ring, which is believed to have stolen six million euros in a "very short time," according to Europol.
In addition, 58 properties were searched and a variety of devices including laptops, hard disks, mobile phones, credit cards, forged documents and bank account records were seized.
The criminal group is believed to have used man-in-the-middle (MITM) attacks to intercept financial transactions taking place between medium and large European companies. MITM attacks are used to tap into and intercept communication channels used by two parties or more, thereby stealing sensitive information and potentially altering the flow of data itself.
In this case, the law enforcement agency believes both social engineering and malware were used to conduct MITM attacks, which began after securing access to corporate email accounts.
Once access to these accounts was secured, the cybercriminals allegedly monitored communications to detect payment requests, which were then diverted to bank accounts held outside of the European Union and controlled by the criminal ring.
According to Europol, money was transferred through a "sophisticated network of money laundering transactions."
The majority of the suspects arrested come from Nigeria, Cameroon and Spain.
In February this year, Europol, together with law enforcement agencies across Europe, Microsoft, Symantec and AnubisNetworks, disrupted the Ramnit botnet, a campaign believed to have infected 3.2 million computers worldwide. Ramnit infected Windows PCs through phishing campaigns and malicious websites, later taking control of compromised computers, stealing personal information and conducting surveillance activities.
The organizations were able to shut down the botnet's command and control (C&C) center and redirect a total of 300 Internet domains used by the cybercriminals controlling the botnet.