The LKA led the investigation and worked with the US Federal Police FBI, Europol and the police in the Netherlands and Ukraine. The allegations are commercial, digital blackmail and computer sabotage. Dirk Kunze, head of the cybercrime department, called the hacker group a “shadow economy based on supply and demand”.
It was created in 2010 and started with blackmail software in the gaming scene. Later, bank customers were harmed. There was a first major attack on the British health system in 2017.
In Germany, the network is said to have attacked the Düsseldorf University Clinic, the Funke media group and the Anhalt-Bitterfeld district in Saxony-Anhalt in 2021, which then declared a disaster – a “case that is unparalleled in German history,” according to Kunze formulated.
The hackers are said to have gained digital access to the computers of the companies concerned, tapped data there and then threatened to misuse it. According to the LKA, up to two-digit million amounts were extorted worldwide. The network is also said to be used for money laundering in cryptocurrencies.
During the investigation, eleven people – men and women – were identified who had made different amounts of crime, it said. On February 28, buildings in Germany and Ukraine were searched, suspected participants were questioned and evidence was confiscated.
There are also three arrest warrants, said Kunze. However, these could not have been enforced because the suspects were not within the reach of the European judicial authorities. A 41-year-old Russian man and a 31-year-old man with links to Russia, whose nationality is unknown, are said to have participated in several crimes.
They are said to have played a key role in the cyber attacks on German companies. According to Kunze, the 41-year-old has a $5 million bounty on his head from the United States.
There is also an arrest warrant for a 36-year-old Russian woman who is said to have worked as an administrator for the network. It is also said to have sent emails with malicious software attached in order to infect systems with encryption software. The three are now being searched for worldwide. The remaining suspects are said to live in Ukraine, Germany, Russia or Moldova.
Attacks on critical infrastructure endanger human life, said LKA director Ingo Wünsch. The network acted primarily profit-oriented. Wünsch demanded that IT security should be part of every corporate philosophy.