Earlier this month, HSD Founding Partner Fox-IT and U.S. security company CrowdStrike, in collaboration with the FBI, presented their joint research on GameOver Zeus at Black Hat in Las Vegas. GameOver Zeus is considered by many to be the most successful cybercrime group to date. In a joint investigation over multiple years, the FBI, with the help of Fox-IT’s InTELL team and others, has taken down a vital part of the botnet and rendered GameOver Zeus ineffective.
Some of the new facts that were presented include:
- In addition to bank robbery, credential stealing and ransomware, the GameOver Zeus gang engaged in espionage across eastern European countries
- The size of the GameOver botnet averaged 200,000 nodes in total
- The gang stole 20 to 30 terabytes of data over time, as well as an estimated $100 million of banking funds
- The GameOver Zeus gang called themselves the “businessclub” and totaled more than 50 criminal actors
- Evgeniy “Slavik” Bogachev was not the sole leader of this “businessclub”
Andy Chandler, SVP at Fox-IT, said, “Years of dedicated time and effort went into this investigation by our team in Delft. We are pleased to be able to share our knowledge and insights into this sophisticated criminal organization. The maturity of how they evolved could have been an example out of a Harvard business book. The businessclub, led by two (not one), made hundreds of millions of dollars. At the same time, they used their criminal talents to expand from retail banking to commercial banking and branch off to new areas like espionage and ransomware.”
In an earlier statement, the assistant director at the FBI said, “The progress we made on this case and the response to reduce the infections would not be possible without those in the private sector. Calling out Dell SecureWorks, Fox-IT, and Crowdstrike were among the chief, and also our partners at DOJ. Without them, all of this would not have been possible.”
The whitepaper ‘GameOver Zeus – Backgrounds on the Badguys and the Backends’ is available for download.