FBI steps up search for members of cybercrime group

Sep 23, 2023, 6:00 AM


(CNN) — The FBI has stepped up its search for members of a multimillion-dollar cybercrime group more than two years after the bureau and its European allies announced they had taken down the group’s computer systems, according to newly unsealed court documents reviewed by CNN.

A hacking tool associated with the group – whose operations were previously traced to eastern Ukraine – has stalked the internet for nearly a decade, costing victims hundreds of millions of dollars, and leading to a disruptive ransomware attack on a US school in 2017.

After the hacking tool, known as Emotet, reemerged online late last year, the FBI executed a search warrant in January for information that an agent on the case thought might uncover new details about the hackers’ identities or whereabouts. The warrant asked for digital records tied to the hackers that the FBI believed were held by US web-hosting firm GoDaddy.

But the search came up empty, according to court documents unsealed this week in US federal court. Seamus Hughes, an independent researcher and founder of Court Watch, shared the documents with CNN.

The court records show how difficult it can be to shut down cybercriminal gangs, often based in Eastern Europe and Russia, that operate like well-oiled multinational corporations and fleece Americans out of millions of dollars. Unless they’re arrested, the hackers can sometimes recover from law enforcement seizures of their computer infrastructure and rebuild their fraudulent empires.

The records were unsealed in the US District Court for the Middle District of North Carolina, where the FBI is investigating Emotet operatives after their malware was used in a ransomware attack on a North Carolina school district in 2017.

A spokesperson for the FBI declined to answer questions about the new court records or the status of the Emotet investigation. GoDaddy declined to comment on why the search warrant came up empty.

Emotet (both the name of the malicious code and the hackers’ army of infected computers) has cost US state and local governments $1 million per hacking incident, according to federal data.

It is exactly the type of cybercriminal enterprise that the US government has sought to aggressively dismantle in recent years through a campaign of arrests, computer seizures and offensives from US military hackers. The accelerated Western law enforcement actions have come as the Russian government has balked at cooperating with investigators and the war in Ukraine has uprooted cybercriminals in that country.

Investigative leads from the war in Ukraine

In January 2021, the FBI alongside Dutch, British and other European law enforcement agencies announced that they had infiltrated Emotet’s servers and cut off the hackers’ access to victim computers. Ukrainian police also seized computers allegedly used by the hackers.

But hackers associated with the group have continued to rebuild their infrastructure, and they blasted out another campaign of spam emails in March, according to researchers. Experts who track the group told CNN they haven’t observed Emotet activity in months, raising questions about where they might surface next – or if their operations had suffered a mortal blow and law enforcement agencies were closing in on the hackers.

The FBI and European allies said last month that they had dismantled Qakbot, another network of infected computers that is similar to Emotet. A senior FBI official told CNN at the time that the investigation into Qakbot and related activity is ongoing.

The new court documents also show how the chaos unleashed by the war in Ukraine has provided investigative leads, and challenges, for the FBI in its hunt for cybercriminals.

At the onset of Russia’s full-scale invasion of Ukraine in February 2022, a Ukrainian cybersecurity researcher leaked a trove of private chats from Conti, another cybercriminal gang that has alleged ties to Russian intelligence. The Ukrainian told CNN that he leaked the data to get revenge on the Russian cybercriminals after they swore allegiance to the Kremlin, and “to prove that they are motherf**kers.”

The new court documents are perhaps the first time the FBI has publicly corroborated the Conti leaks. Those leaks were authentic, the FBI agent said in an affidavit filed in the Emotet case, and showed that at least one of the Emotet hackers was administering the group’s malicious code both before the January 2021 law enforcement bust and in the years since.

“Sophisticated adversaries go to great lengths to stay anonymous and build layers of resiliency in their operations,” said Michael DeBolt, a former US representative to Interpol who is now chief intelligence officer at security firm Intel 471. “For law enforcement, investigating and eventually prosecuting prolific cybercriminals requires a great deal of patience and perseverance.”

