The Justice Department and Europol, among other entities, announced the dismantling of a large international cybercriminal infrastructure known as Avalanche on Thursday, marking the end of a roughly four-year investigation.
The Avalanche network was used as a platform to launch and manage mass global malware attacks and “money mule recruiting campaigns,” according to a release from the European Union’s law enforcement agency, Europol.
The agency said Avalanche was responsible for causing an estimated 6 million euros in damages through concentrated cyberattacks on online banking systems in Germany alone.
Since the Avalanche network began operating in 2010, it is estimated to have cost hundreds of millions of dollars worldwide through malware attacks, according to the DOJ, the Federal Bureau of Investigation and the U.S. Attorney’s Office for the Western District of Pennsylvania, which were involved in taking down the cybercrime network.
“This network hosted more than two dozen of the world’s most pernicious types of malware and several money laundering campaigns,” Assistant Attorney General Leslie R. Caldwell of the DOJ’s Criminal Division, Acting U.S. Attorney Soo C. Song of the Western District of Pennsylvania and Special Agent in Charge of the FBI’s Pittsburgh Division Robert Johnson said in a joint Thursday statement.
The FBI, German police, and prosecutors and investigators from 30 countries were involved in taking down the network. Five people were arrested and 39 servers were seized in the process of dismantling Avalanche, Europol said.
Investigators found victims of Avalanche-directed malware infections in more than 180 countries, Europol said. The operation was the “largest-ever use of sinkholing to combat botnet infrastructures,” the agency said.
Sinkholing refers to the act of redirecting traffic between infected computers and a criminal infrastructure to servers controlled by law enforcement. Botnets are networks of computers infected with malware that enables a criminal to control those devices.
The DOJ and Europol both called the operation that took down Avalanche “unprecedented” in its size, with more than 800,000 domains seized, sinkholed or blocked.
“Avalanche has been a highly significant operation involving international law enforcement, prosecutors and industry resources to tackle the global nature of cybercrime,” Rob Wainwright, director of Europol, said in a Thursday statement. “The complex transnational nature of cyber investigations requires international cooperation between public and private organizations at an unprecedented level to successfully impact on top-level cybercriminals.”