{ "id": "39f47db0-7ef3-49e7-aa0a-7f135b161a61", "created_at": "2026-04-06T00:10:01.370953Z", "updated_at": "2026-04-10T13:13:00.516735Z", "deleted_at": null, "sha1_hash": "7bd455316b2712fe42feaf593451b17c14598174", "title": "FBI announces arrests in $70 million cyber-theft - CNN.com", "llm_title": "", "authors": "", "file_creation_date": "0001-01-01T00:00:00Z", "file_modification_date": "0001-01-01T00:00:00Z", "file_size": 36712, "plain_text": "FBI announces arrests in $70 million cyber-theft - CNN.com\r\nBy By Terry Frieden, CNN Justice Producer\r\nArchived: 2026-04-05 14:29:57 UTC\r\nOctober 1, 2010 -- Updated 2038 GMT (0438 HKT)\r\nSTORY HIGHLIGHTS\r\nFBI says they smashed cyber-theft ring that had netted $70 million from U.S. alone\r\n60 people are in custody in the United States, United Kingdom and Ukraine\r\nTo date the perpetrators have attempted to steal $220 million, the FBI said\r\nWashington (CNN) -- The FBI announced Friday more than 60 people are in custody in the United States, United\r\nKingdom and Ukraine after authorities smashed a major international cyber-theft ring that had netted $70 million\r\nfrom the United States alone. To date the perpetrators had attempted to steal $220 million, the FBI said.\r\n\"The five individuals detained in Ukraine were the directors of this organized cyber-crime operation,\" said FBI\r\nAssistant Director Gordon Snow.\r\nSnow and other officials said 39 U.S. citizens and 20 U.K. residents were also in custody, arrested for helping to\r\ncarry out a sophisticated computer theft operation that primarily targeted small to medium businesses and\r\ninstitutions.\r\nA smaller number of churches, nonprofits and individuals were also victims of the cyber ring, authorities said. In\r\ntotal, the FBI has identified 390 targeted victim businesses, institutions or individuals in all parts of the United\r\nStates.\r\nFBI officials briefing reporters on the international take-down said the criminals selected targets in advance which\r\nthey believed did not have high level computer security, and were able to tap into the firms' bank accounts.\r\nThe first indication of the cyber ring surfaced in Omaha, Nebraska, in May 2009. The FBI then launched\r\nOperation Trident Breach which eventually led to the arrests announced Friday.\r\nFirst word of the operation was announced in New York Thursday where authorities disclosed an estimated $3\r\nmillion in losses in New York which FBI officials noted is a small portion of the $70 million siphoned from the\r\nbank accounts.\r\nMost of those arrested were identified as \"mules\" engaged in the transfer of stolen funds, who retained a\r\npercentage for their services.\r\nThe FBI says the investigation determined the organizers launched their scheme strictly for profit and were not\r\nrelated to any political or social cause.\r\nhttp://edition.cnn.com/2010/CRIME/10/01/cyber.theft/\r\nPage 1 of 2\n\nAuthorities did not identify the creator of the \"malware\" which enabled the successful targeted \"phishing\" or\r\n\"spearfishing\" operation. They did not say whether the originator is in custody. However, they acknowledged that\r\na version of the Zeus Botnet which was used to infect the computers of the victims in this case is still active and\r\nrepresents a potential threat to other computer users.\r\nSource: http://edition.cnn.com/2010/CRIME/10/01/cyber.theft/\r\nhttp://edition.cnn.com/2010/CRIME/10/01/cyber.theft/\r\nPage 2 of 2", "extraction_quality": 1, "language": "EN", "sources": [ "ETDA" ], "origins": [ "web" ], "references": [ "http://edition.cnn.com/2010/CRIME/10/01/cyber.theft/" ], "report_names": [ "cyber.theft" ], "threat_actors": [ { "id": "e447d393-c259-46e2-9932-19be2ba67149", "created_at": "2022-10-25T16:07:24.28282Z", "updated_at": "2026-04-10T02:00:04.921616Z", "deleted_at": null, "main_name": "TA505", "aliases": [ "ATK 103", "Chimborazo", "G0092", "Gold Evergreen", "Gold Tahoe", "Graceful Spider", "Hive0065", "Operation Tovar", "Operation Trident Breach", "SectorJ04", "Spandex Tempest", "TA505", "TEMP.Warlock" ], "source_name": "ETDA:TA505", "tools": [ "Amadey", "AmmyyRAT", "AndroMut", "Azer", "Bart", "Bugat v5", "CryptFile2", "CryptoLocker", "CryptoMix", "CryptoShield", "Dridex", "Dudear", "EmailStealer", "FRIENDSPEAK", "Fake Globe", "Fareit", "FlawedAmmyy", "FlawedGrace", "FlowerPippi", "GOZ", "GameOver Zeus", "GazGolder", "Gelup", "Get2", "GetandGo", "GlobeImposter", "Gorhax", "GraceWire", "Gussdoor", "Jaff", "Kasidet", "Kegotip", "Kneber", "LOLBAS", "LOLBins", "Living off the Land", "Locky", "MINEBRIDGE", "MINEBRIDGE RAT", "MirrorBlast", "Neutrino Bot", "Neutrino Exploit Kit", "P2P Zeus", "Peer-to-Peer Zeus", "Philadelphia", "Philadephia Ransom", "Pony Loader", "Rakhni", "ReflectiveGnome", "Remote Manipulator System", "RockLoader", "RuRAT", "SDBbot", "ServHelper", "Shifu", "Siplog", "TeslaGun", "TiniMet", "TinyMet", "Trojan.Zbot", "Wsnpoem", "Zbot", "Zeta", "ZeuS", "Zeus" ], "source_id": "ETDA", "reports": null } ], "ts_created_at": 1775434201, "ts_updated_at": 1775826780, "ts_creation_date": 0, "ts_modification_date": 0, "files": { "pdf": "https://archive.orkl.eu/7bd455316b2712fe42feaf593451b17c14598174.pdf", "text": "https://archive.orkl.eu/7bd455316b2712fe42feaf593451b17c14598174.txt", "img": "https://archive.orkl.eu/7bd455316b2712fe42feaf593451b17c14598174.jpg" } }