Ukrainian cyberpolice have dismantled a cybercriminal group responsible for stealing several million hryvnias from the accounts of major industrial enterprises across Ukraine.
According to law enforcement, the group used malware to breach the accounting systems of legal entities. After gaining remote access to accounting computers, the perpetrators transferred funds to accounts belonging to individual entrepreneurs, disguised as payments for services. The funds were then withdrawn in cash.
Police identified the scheme’s organizer and his accomplice, who was responsible for creating an extensive network of ‘drop’ accounts. Some individuals, for a fee, registered as private entrepreneurs (FOPs) and handed over control of their bank accounts to the criminals. Others were recruited to register accounts on cryptocurrency exchanges and rent them out to the group.
In total, the group is believed to have stolen nearly 4 million UAH (approximately $100,000) from Ukrainian businesses. The alleged ringleader has been taken into custody. If convicted, the suspects face up to 12 years in prison with confiscation of property.
Authorities have also announced the completion of an international pre-trial investigation into a criminal organization that specialized in stealing money from EU citizens’ bank accounts. Indictments against 14 members of the group have been sent to court.
The criminals used a phishing scheme, targeting people in the Czech Republic, Poland, and other EU countries who posted ads on local online marketplaces. Posing as buyers, they sent phishing links that mimicked payment services. When victims entered their banking details, the data was stolen and used to withdraw money. Some funds were transferred to controlled bank cards, while others were converted into cryptocurrency.
The organization consisted of nearly 20 people aged 20 to 49, some of whom were relatives or childhood friends. Each member had a specific role, including recruiting “workers” via messaging apps, creating and managing phishing websites, providing tech support, processing data, and laundering funds.
The leaders managed fraudulent call centers and maintained the technical infrastructure. Searches revealed computers, phones, SIM cards, bank cards, and documents. The investigation lasted over a year, and in January 2024, key suspects were arrested. Confirmed losses from 19 victims exceed 1.5 million UAH (~$36000).
