FBI steps up search for members of cybercrime group

Sep 23, 2023, 6:00 AM


(CNN) — The FBI has stepped up its search for members of a multimillion-dollar cybercrime group more than two years after the bureau and its European allies announced they had taken down the group’s computer systems, according to newly unsealed court documents reviewed by CNN.

A hacking tool associated with the group – whose operations were previously traced to eastern Ukraine – has stalked the internet for nearly a decade, costing victims hundreds of millions of dollars, and leading to a disruptive ransomware attack on a US school in 2017.

After the hacking tool, known as Emotet, reemerged online late last year, the FBI executed a search warrant in January for information that an agent on the case thought might uncover new details about the hackers’ identities or whereabouts. The warrant asked for digital records tied to the hackers that the FBI believed were held by US web-hosting firm GoDaddy.

But the search came up empty, according to court documents unsealed this week in US federal court. Seamus Hughes, an independent researcher and founder of Court Watch, shared the documents with CNN.

The court records show how difficult it can be to shut down cybercriminal gangs, often based in Eastern Europe and Russia, that operate like well-oiled multinational corporations and fleece Americans out of millions of dollars. Unless they’re arrested, the hackers can sometimes recover from law enforcement seizures of their computer infrastructure and rebuild their fraudulent empires.

The records were unsealed in the US District Court for the Middle District of North Carolina, where the FBI is investigating Emotet operatives after their malware was used in a ransomware attack on a North Carolina school district in 2017.

A spokesperson for the FBI declined to answer questions about the new court records or the status of the Emotet investigation. GoDaddy declined to comment on why the search warrant came up empty.

Emotet (both the name of the malicious code and the hackers’ army of infected computers) has cost US state and local governments $1 million per hacking incident, according to federal data.

It is exactly the type of cybercriminal enterprise that the US government has sought to aggressively dismantle in recent years through a campaign of arrests, computer seizures and offensives from US military hackers. The accelerated Western law enforcement actions have come as the Russian government has balked at cooperating with investigators and the war in Ukraine has uprooted cybercriminals in that country.

Investigative leads from the war in Ukraine

In January 2021, the FBI alongside Dutch, British and other European law enforcement agencies announced that they had infiltrated Emotet’s servers and cut off the hackers’ access to victim computers. Ukrainian police also seized computers allegedly used by the hackers.

But hackers associated with the group have continued to rebuild their infrastructure, and they blasted out another campaign of spam emails in March, according to researchers. Experts who track the group told CNN they haven’t observed Emotet activity in months, raising questions about where they might surface next – or if their operations had suffered a mortal blow and law enforcement agencies were closing in on the hackers.

The FBI and European allies said last month that they had dismantled Qakbot, another network of infected computers that is similar to Emotet. A senior FBI official told CNN at the time that the investigation into Qakbot and related activity is ongoing.

The new court documents also show how the chaos unleashed by the war in Ukraine has provided investigative leads, and challenges, for the FBI in its hunt for cybercriminals.

At the onset of Russia’s full-scale invasion of Ukraine in February 2022, a Ukrainian cybersecurity researcher leaked a trove of private chats from Conti, another cybercriminal gang that has alleged ties to Russian intelligence. The Ukrainian told CNN that he leaked the data to get revenge on the Russian cybercriminals after they swore allegiance to the Kremlin, and “to prove that they are motherf**kers.”

The new court documents are perhaps the first time the FBI has publicly corroborated the Conti leaks. Those leaks were authentic, the FBI agent said in an affidavit filed in the Emotet case, and showed that at least one of the Emotet hackers was administering the group’s malicious code both before the January 2021 law enforcement bust and in the years since.

“Sophisticated adversaries go to great lengths to stay anonymous and build layers of resiliency in their operations,” said Michael DeBolt, a former US representative to Interpol who is now chief intelligence officer at security firm Intel 471. “For law enforcement, investigating and eventually prosecuting prolific cybercriminals requires a great deal of patience and perseverance.”

