- 882
- 242
The estimated damage to date amounts to approximately $1.5 million.
The investigation identified two Ukrainians who performed key functions within the group, and also identified the possible leader of the group, a Russian citizen.
Ukrainian law enforcement, working with agencies from several foreign countries, have uncovered members of an international hacker group that carried out attacks on organizations around the world. According to preliminary estimates, the damage to the group amounts to approximately $1.5 million. This information was published by Prosecutor General Ruslan Kravchenko on social media.
According to Kravchenko, the attackers blocked the systems of at least 11 major American companies, demanding a ransom in cryptocurrency to restore access. The group consisted of more than 20 people, seven of whom are located in Ukraine. The group members performed various roles: cracking passwords, creating malicious code, negotiating with victims, and converting stolen funds into cash.
One of the suspects is also accused of participating in the distribution of BlackBasta malware; the case is being investigated in Germany.
Earlier this week, Ukrainian and German investigators conducted searches of the homes of two Ukrainian citizens. Computers, mobile phones, draft notes, and cash were seized during the investigation. Analysis of the seized materials is currently ongoing, and a decision on whether to file charges will be made based on the results.
The Prosecutor General emphasized that cybercrime knows no borders, and therefore the fight against it must be global, systemic, and relentless.
The National Police of Ukraine clarified that the uncovering of the cybercriminal group's activities was made possible by the collaboration of the cyber police and investigators under the overall procedural guidance of the Prosecutor General's Office of Ukraine and the German Federal Criminal Police Office. The investigation identified two Ukrainians who performed key functions within the group.
The investigation revealed that the suspects specialized in technically hacking secure systems and organizing cyberattacks using ransomware. They were engaged in obtaining passwords to confidential company data using specialized software. This data was subsequently used to gain unauthorized access and compromise critical enterprise systems, steal data, and launch ransomware.
Police conducted authorized searches in the Ivano-Frankivsk and Lviv regions, seizing evidence including digital storage devices, mobile devices, and cryptocurrency assets.
A joint investigation involving Europol also identified the group's possible leader, a Russian citizen suspected of founding and organizing the criminal organization. He may also have been involved with another well-known group, Conti, which specializes in distributing ransomware.
At the request of German law enforcement, the suspect was placed on an international wanted list through Interpol. Investigators believe this hacker group is one of the most dangerous in the cybercrime sector in recent years.
The group is known to have targeted companies and government agencies in developed Western countries between 2022 and 2025.
The current investigation was conducted through international cooperation between law enforcement agencies in Ukraine, Germany, Switzerland, the Netherlands, and the United Kingdom.
The investigation identified two Ukrainians who performed key functions within the group, and also identified the possible leader of the group, a Russian citizen.
Ukrainian law enforcement, working with agencies from several foreign countries, have uncovered members of an international hacker group that carried out attacks on organizations around the world. According to preliminary estimates, the damage to the group amounts to approximately $1.5 million. This information was published by Prosecutor General Ruslan Kravchenko on social media.
According to Kravchenko, the attackers blocked the systems of at least 11 major American companies, demanding a ransom in cryptocurrency to restore access. The group consisted of more than 20 people, seven of whom are located in Ukraine. The group members performed various roles: cracking passwords, creating malicious code, negotiating with victims, and converting stolen funds into cash.
One of the suspects is also accused of participating in the distribution of BlackBasta malware; the case is being investigated in Germany.
Earlier this week, Ukrainian and German investigators conducted searches of the homes of two Ukrainian citizens. Computers, mobile phones, draft notes, and cash were seized during the investigation. Analysis of the seized materials is currently ongoing, and a decision on whether to file charges will be made based on the results.
The Prosecutor General emphasized that cybercrime knows no borders, and therefore the fight against it must be global, systemic, and relentless.
The National Police of Ukraine clarified that the uncovering of the cybercriminal group's activities was made possible by the collaboration of the cyber police and investigators under the overall procedural guidance of the Prosecutor General's Office of Ukraine and the German Federal Criminal Police Office. The investigation identified two Ukrainians who performed key functions within the group.
The investigation revealed that the suspects specialized in technically hacking secure systems and organizing cyberattacks using ransomware. They were engaged in obtaining passwords to confidential company data using specialized software. This data was subsequently used to gain unauthorized access and compromise critical enterprise systems, steal data, and launch ransomware.
Police conducted authorized searches in the Ivano-Frankivsk and Lviv regions, seizing evidence including digital storage devices, mobile devices, and cryptocurrency assets.
A joint investigation involving Europol also identified the group's possible leader, a Russian citizen suspected of founding and organizing the criminal organization. He may also have been involved with another well-known group, Conti, which specializes in distributing ransomware.
At the request of German law enforcement, the suspect was placed on an international wanted list through Interpol. Investigators believe this hacker group is one of the most dangerous in the cybercrime sector in recent years.
The group is known to have targeted companies and government agencies in developed Western countries between 2022 and 2025.
The current investigation was conducted through international cooperation between law enforcement agencies in Ukraine, Germany, Switzerland, the Netherlands, and the United Kingdom.