Petronella Blog Archive


"Business Club" Hacker Group Stole $100 Million


A couple of recent reports give a behind-the-scenes look at a cybercrime gang that ripped off businesses to the tune of over $100 million while messing around with espionage and working closely with the Chinese government.

The group referred to itself as the Business Club and was made up of over 50 hackers, each of whom brought a unique skill or specialization to the organization. They ranged from IT support techs to people who would dupe accomplices into helping launder money. It was so well organized that there was a membership fee and a profit-sharing agreement.

The leadership was based in Krasnodar, in Russia near the Black Sea, but members were spread throughout Russia, which spans 11 time zones. That made it easier to conduct their cybercrimes in multiple countries, as many of the group members also held 9-5 jobs.

The chief tool for the Business Club was ZeuS, malware that had been used for years to siphon funds from banks and small businesses. There's a commercially available version of it, but its creator, Evgeniy Mikhailovich Bogachev, who used the pseudonym Slavik online, was a member of the Business Club and, after faking retirement, secretly built another version for his own use. This Gameover ZeuS botnet was able to intercept transactions and security challenges from banks along with customers' answers, giving the group all the access it wanted to bank accounts.

The Business Club also set up fake shipping companies in Chinese port cities in order to facilitate fraudulent wire transfers.

Slavik kept part of the ZeuS botnet to himself, though, and eventually turned it into a spying tool. In Ukraine in particular, he had it comb through infected systems for keywords related to classified documents. He also spied on Turkey, which Russia was interested in because of arms shipments.

Slavik is thought to be pretty much untouchable because of the value he provides to Russian intelligence. Most likely, as long as the Business Club's actions don't target Russia, he will continue to be granted a high level of protection within the country.