Together with FBI and EU, SSU dismantles transnational hacker network that developed ransomware to target US and European companies

The Security Service of Ukraine and the FBI, together with the law enforcement agencies of the UK and the EU, carried out a large-scale special operation in 8 European states.

As a result of joint actions, over 30 members of transnational hacker groups involved in development and distribution of malware, including Pikabot, System BC, Bumblebee, Smokeloader and IcedID, have been exposed.

According to the investigation, the perpetrators hacked into the networks of well-known companies and then sold access to these systems to other hackers, including the russian groups BlackBasta, Revil and Conti.

Having access to the networks allowed hackers to steal classified information from these companies and then extort money for its non-disclosure.

Dozens of cases of extortion from the affected companies have been documented, with sums of money amounting to tens of millions of US dollars.

To obtain secret information, the hackers penetrated the corporate electronic networks using specially designed spyware and phishing emails.

During the searches at the home of one of the organizers in Ukraine, the SSU found mobile phones, computers and server equipment with evidence of the crime.

The SSU also conducted searches at the homes of several suspects in Kyiv and Zaporizhzhia regions.

Simultaneously, the law enforcement agencies in 8 countries of the EU and North America seized more than 90 servers and blocked over 1,000 domains used by the hackers.

The SSU and its partners are now working to bring those involved in the cyber crimes to justice.

The special operation was carried out jointly with the National Police of Ukraine under the procedural supervision of the Prosecutor General’s Office of Ukraine.