International law enforcement has busted up an extensive cybercrime operation run by a gang with ties to the Italian Mafia.
The group allegedly used phishing attacks to defraud hundreds of victims. The suspects used various lures to convince victims (mostly Italian nationals but also Spanish, English, German and Irish targets) to wire money to bank accounts controlled by the criminal network, according to Europol.
“The group, using hackers specialized in latest-generation phishing and vishing attacks and in the use of social-engineering techniques, had taken possession of the home banking credentials of victims… arranging bank transfers for thousands of Euro,” according to an announcement from the Italian National Police (Polizia di Stato).
The gang also engaged in other types of online fraud such as SIM swapping and business email compromise (BEC), Europol said. In all cases, the attackers laundered the money through a wide network of money mules and shell companies.
“The stolen sums were later recycled through the purchase of cryptocurrency or reinvested in further criminal activities, such as prostitution, drug production and trafficking, and arms trafficking,” according to the Polizia di Stato.
In all, the crooks raked in a “profit” of about $12 million (€10 million) last year alone.
The Spanish National Police (Policía Nacional), supported by Polizia di Stato, Europol and Eurojust, made 106 arrests in the sting in Spain and Italy.
🚩Golpe policial a la mafia italiana con la detención de 106 personas por blanquear más de 10.000.000€ procedentes de estafas informáticas
Operaban desde el sur de #Tenerife y blanqueaban dinero para clanes mafiosos italianos
— Policía Nacional (@policia) September 20, 2021
Law enforcement also froze 118 bank accounts and performed 16 house searches. During the latter, officers seized various collateral used in the operations, including electronic devices, 224 credit cards, SIM cards and point-of-sale terminals – as well as an electric shock machine, which speaks to the gang’s ancillary criminal activities.
“This large criminal network was very well organized in a pyramid structure, which included different specialized areas and roles,” according to a Monday statement from Europol. “Among the members of the criminal group were computer experts, who created the phishing domains and carried out the cyber-fraud; recruiters and organizers of the money muling; and money-laundering experts, including experts in cryptocurrencies.”
The gang members are mostly Italian nationals but ran the ring out of the Canary Islands, an autonomous zone that’s a territory of Spain – specifically, in the city of Santa Cruz de Tenerife.
Some of those apprehended were Italian fugitives, wanted for ties to organized crime groups like the Camorra in Naples, and Apulia’s Sacra Corona Unita, police said.
“This group of criminals had managed to settle and enter different levels of society: Business networks, law firms and banking entities, among others,” according to a Policía Nacional statement. “This level of settlement not only gave the organization impunity for money laundering, but also for the different criminal activities of these Mafia groups carried out in Spain.”
Those activities included robberies and assault, as well as the involvement of several of its members in two homicides carried out on the island.
“On one occasion they kidnapped a woman and, after threatening her at gunpoint, took her to an ATM to steal all the money and open 50 online bank accounts for the organization,” Spanish police said. “Once detained, they threatened the victim and those around her to prevent her from testifying.”
They added, “The extreme violence of this group was also manifested in other criminal actions. They beat up, robbed and extorted both members of the organization who deviated from internal regulations and other people or companies in Tenerife who, for fear of reprisals, did not report, which gave them a significant degree of impunity.”
The bust was carried out by traditional law enforcement as well as cyber experts: The Joint Cybercrime Action Taskforce (J-CAT) at Europol is a standing operational team that consists of cyber-liaison officers from different countries.
“During the operational activities, Europol deployed two analysts and one forensic expert to Tenerife, Spain and one analyst to Italy,” according to the Europol statement. “Additionally, Europol funded the deployment of three Italian investigators to Tenerife to support the Spanish authorities during the action day.”
Rule #1 of Linux Security: No cybersecurity solution is viable if you don’t have the basics down. JOIN Threatpost and Linux security pros at Uptycs for a LIVE roundtable on the 4 Golden Rules of Linux Security. Your top takeaway will be a Linux roadmap to getting the basics right! REGISTER NOW and join the LIVE event on Sept. 29 at Noon EST. Joining Threatpost is Uptycs’ Ben Montour and Rishi Kant who will spell out Linux security best practices and take your most pressing questions in real time.