{
	"id": "746b8207-e46a-4534-b6b9-19284d9e37ef",
	"created_at": "2026-04-29T08:22:00.081467Z",
	"updated_at": "2026-04-29T10:41:34.356544Z",
	"deleted_at": null,
	"sha1_hash": "f62b36e7a956eed560fa680f2f388e831f28b662",
	"title": "Russian Cops Bust Key Members Of World's Busiest Cybercrime Gang: Sources",
	"llm_title": "",
	"authors": "",
	"file_creation_date": "0001-01-01T00:00:00Z",
	"file_modification_date": "0001-01-01T00:00:00Z",
	"file_size": 49210,
	"plain_text": "Russian Cops Bust Key Members Of World's Busiest Cybercrime\r\nGang: Sources\r\nBy Thomas Brewster\r\nPublished: 2016-02-08 · Archived: 2026-04-29 08:06:06 UTC\r\nIn November, Russia’s FSB quietly led an operation to take down the world’s most active cybercriminal group,\r\nthe operators of the banking malware Dyre, according to a number of sources with knowledge of the matter.\r\nLittle is known about the investigation, which is ongoing, or who was arrested. One source claimed the\r\napprehended suspects were in the top echelon of the Dyre crew. The hackers were stealing tens of millions of\r\ndollars from businesses and banks, taking as much as $1.5 million in individual attacks. They were responsible\r\nfor a quarter of all financial cybercrime in 2015, and Dyre was the most active of all banking malware variants,\r\naccording to IBM.\r\nFORBES understands the arrests took place across 18 and 19 November. IBM and Dell SecureWorks both told\r\nFORBES the Dyre malware disappeared from their respective radars on 18 November. Either the Dyre\r\ninfrastructure has been wiped out or it is idle.\r\nWestern police agencies have been left out of the loop, despite the malware affecting a significant number of\r\nAmerican and European businesses. A spokesperson for the UK's National Crime Agency said: \"We are aware that\r\narrests have been made and an active investigation remains, with enquiries ongoing. However, we cannot\r\ncomment further.\"\r\nEuropol said it could not comment as it only worked with European partners, whilst the FBI had not returned\r\nrequests for comment. All have previously stated difficulties working with Russian law enforcement in cyber\r\ninvestigations. The FSB also had not responded to a request for comment.\r\nRussian security firm Kaspersky was said to have assisted the investigation and is expected to reveal more at its\r\nannual analyst summit in Tenerife this week. Kaspersky said it did not comment on law enforcement\r\ninvestigations, however.\r\nNews of the arrests comes shortly after Reuters reported that a film studio in Moscow, 25th Floor, had been raided\r\nas part of the investigation. But there was no evidence anyone at the company had been charged or was involved\r\nin Dyre. Intriguingly, the firm was producing a film called Botnet, a thriller loosely based on a 2010 case in which\r\n37 people were charged for a $3 million cybercrime.\r\nSince their emergence in 2014, variants of the Dyre malware have together, at the very least, stolen tens of\r\nmillions of dollars. In April last year, IBM said that in incidents at the start of 2015 organizations were losing between\r\n$500,000 and $1.5 million to attackers. Bank of America, Citibank, JP Morgan Chase, Royal Bank of Scotland\r\nand Wells Fargo were amongst 1,000 banks, electronic payment and digital currency providers the Dyre operators\r\ntargeted.\r\nhttps://www.forbes.com/sites/thomasbrewster/2016/02/08/russia-arrests-dyre-malware-masterminds/\r\nPage 1 of 2\r\nThe malware was typically sent in an email attachment to employees. Once the attachment was opened, Dyre used\r\na number of tactics to pilfer company funds. First, it would wait until a banking website was opened and inject a\r\nfake page, stealing the logins as the employee typed them. The hackers would then log in and move the money\r\naround various accounts, attempting to launder the stolen funds.\r\nAlternatively, another page would open, advising the user that more security information was required, such as a\r\nPIN code or a date of birth. Finally, the hackers targeted businesses that often carried out large wire transfers,\r\nthrowing up fake websites that asked them to call a number owned by the criminals to supply information about\r\nthe transfer. They would then redirect the transfers, via a number of global banks, to their own accounts.\r\nLast year, the Dyre masterminds upped their game. Security firm Trend Micro said it had seen a 125 per cent\r\nincrease in Dyre infections worldwide in the second quarter of 2015 compared to the previous period.\r\nEurope was worst hit, home to 39 per cent of total infections, just above North America on 38 per cent, according\r\nto Trend Micro. Despite the malware emanating from Russia, there appear to be close to zero infections in that country. Often,\r\ncybercriminals in Russia evince a patriotic streak, though it’s unclear why. Last year, researchers linked one of the\r\nFBI's Most Wanted cybercriminals, Yevgeniy Bogachev, to state espionage activity.\r\nDyre was also noted for its ability to evade popular \"sandboxes\", where programs are run in a contained\r\nenvironment to check for malicious behaviour before being allowed to load on the main system. It was also used\r\nto download additional malware payloads, such as the Cryptowall ransomware.\r\nThen the action in November came and Dyre was seemingly no more. \"Seeing as it was not the first time the\r\nservers were quiet, we assumed it was a time out the gang was taking from its activity,\" said Limor Kessem, senior\r\ncybersecurity evangelist at IBM.\r\n\"But Dyre did not come back. After going dark on activity, we hardly saw any new infections from that day. The\r\nservers that update bots with new configurations were disconnected from the Internet alongside the servers that\r\ndispatch real time web injections.\r\n\"There was a short phase where the redirection attack servers were still up, but they too were disconnected about a\r\nweek later and have remained silent since.\"\r\nThis is unlikely to be the end of the Dyre malware, however. It’s now likely the software will be adopted and\r\ntweaked by hackers, as the source code for Dyre was recently made freely available, according to one source.\r\nUpdated on 9 February to include confirmation from the NCA that it was aware of arrests.\r\nSource: https://www.forbes.com/sites/thomasbrewster/2016/02/08/russia-arrests-dyre-malware-masterminds/",
	"extraction_quality": 1,
	"language": "EN",
	"sources": [
		"ETDA"
	],
	"origins": [
		"web"
	],
	"references": [
		"https://www.forbes.com/sites/thomasbrewster/2016/02/08/russia-arrests-dyre-malware-masterminds/"
	],
	"report_names": [
		"russia-arrests-dyre-malware-masterminds"
	],
	"threat_actors": [],
	"ts_created_at": 1777450920,
	"ts_updated_at": 1777459294,
	"ts_creation_date": 0,
	"ts_modification_date": 0,
	"files": {
		"pdf": "https://archive.orkl.eu/f62b36e7a956eed560fa680f2f388e831f28b662.pdf",
		"text": "https://archive.orkl.eu/f62b36e7a956eed560fa680f2f388e831f28b662.txt",
		"img": "https://archive.orkl.eu/f62b36e7a956eed560fa680f2f388e831f28b662.jpg"
	}
}