International police dismantle crime ring that allegedly used GozNym malware to try to steal $100 million

The crackdown included an indictment of 10 alleged members of the crime ring, and prosecution of defendants in Georgia, Moldova, and Ukraine.

Law enforcement officials from the U.S. and some European allies say they have broken up a criminal network that used banking malware to try to steal an estimated $100 million from over 41,000 victims in multiple countries.

An indictment made public Thursday alleges that 10 members of a criminal organization used the GozNym malware, a banking trojan that infects internet browsers and was compiled from two other known pieces of malware, to steal victims’ login credentials, steal their money and then launder those funds through U.S. and foreign bank accounts.

The primary victims were U.S. businesses and their supporting financial institutions, including several victims in the Western District of Pennsylvania, U.S. officials said. Other organizations hit were a Pennsylvania asphalt and paving business, a Washington law firm, a casino in Gulfport, Mississippi, and a California furniture business, according to the indictment. Cybersecurity researchers tracking GozNym in recent years have reported its targeting of credit unions, e-commerce, and other finance subsectors.

The ringleader, according to the indictment, was Alexander Konovolov, a 35-year-old Georgian who allegedly controlled the roughly 41,000 victim computers. Konovolov and his accomplice are being prosecuted in Georgia, law enforcement officials said.


How much money the gang successfully stole was not immediately clear.

The crackdown saw the U.S. partner with Bulgaria, Georgia, Germany, Moldova, and Ukraine, resulting in an indictment being returned by a federal grand jury in Pittsburgh, and prosecution of defendants in Georgia, Moldova, and Ukraine. Five of the accused live in Russia, which does not have an extradition agreement with the U.S.

“We found that GozNym was a highly structured, specialized organized crime network, and each defendant represented in the indictment had a specialized role to play and brought a unique skillset to the conspiracy,” Scott Brady, the U.S. attorney for the Western District of Pennsylvania, said at a press conference Thursday.

Thursday’s announcement comes after the 2016 indictment of another alleged member of the crime ring, a Bulgarian named Krasimir Nikolov. In the years since, law enforcement officials on both sides of the Atlantic say they have been building cases against Nikolov’s former colleagues.



Written by Sean Lyngaas

Sean Lyngaas is CyberScoop’s Senior Reporter covering the Department of Homeland Security and Congress. He was previously a freelance journalist in West Africa, where he covered everything from a presidential election in Ghana to military mutinies in Ivory Coast for The New York Times. Lyngaas’ reporting also has appeared in The Washington Post, The Economist and the BBC, among other outlets. His investigation of cybersecurity issues in the nuclear sector, backed by a grant from the Pulitzer Center on Crisis Reporting, won plaudits from industrial security experts. He was previously a reporter with Federal Computer Week and, before that, with Smart Grid Today. Sean earned a B.A. in public policy from Duke University and an M.A. in International Relations from The Fletcher School of Law and Diplomacy at Tufts University.
