SSU exposes Ukrainians who created service for hackers and stole USD 1 million from 50 foreign companies

The SSU Cyber Department together with the Cyber Police of the National Police of Ukraine, the U.S. and British partners have conducted a large-scale special operation to dismantle a powerful hacker service.

The law enforcement agencies exposed the criminals who carried out hacker attacks against foreign companies and provided IP-address spoofing services to other hackers. According to preliminary estimates, the group’s total proceeds reach USD 1 mln.

Unlike ‘regular’ VPN-services, which can be legally purchased and used, the services offered by this group had broader functionality. For example, they enabled the user to download viruses, spyware and other malware through the platform. It was an unlawful organization set up by criminals for other criminals.

The investigation revealed that the organizers were Ukrainian citizens, including those wanted by foreign law enforcement agencies. They administered the service from personal computers, and, to avoid responsibility, disguised themselves under various nicknames in the Darknet.

The services were popular among transnational hacker groups, who regularly:

  • hacked systems of government and commercial institutions to collect confidential information;
  • spread ransomware, which encrypts information on the PC and demands a ‘ransom’ from the user for the key;
  • carried out DDoS attacks to paralyze systems, etc.

To launder criminal proceeds, the offenders conducted complex financial transactions using a number of online services, including those banned in Ukraine. At the last stage of converting assets into cash, they transferred funds to payment cards of an extensive network of fictitious persons.

The searches of the perpetrators’ residences, places of stay and vehicles resulted in the seizure of mobile phones, computer equipment and other items with evidence of illegal activity.

Criminal proceedings have been opened under three articles of the CCU:

  • Article 361.2 (unauthorized interference in the work of computers, automated systems, computer networks or telecommunication networks)
  • Article 361-1.2 (creation of malicious software or hardware for use, distribution or sale, as well as their distribution or sale)
  • Article 209.3 (laundering of criminal proceeds).

Investigation is underway to identify and bring to justice all those involved.

The SSU Cyber ​​Department together with the Cyber ​​Police and investigators of the National Police carried out the operation under the supervision of the Prosecutor General’s Office jointly with international partners – competent authorities of the USA and the UK.