Security Experts:

Connect with us

Hi, what are you looking for?

SecurityWeekSecurityWeek

Cybercrime

European Authorities Take Down Massive Credit Card Theft Ring

Authorities in Europe arrested 44 members of a global credit card fraud network in a joint operation that took down a criminal gang that targeted victims in 16 countries.

Authorities in Europe arrested 44 members of a global credit card fraud network in a joint operation that took down a criminal gang that targeted victims in 16 countries.

The operation, dubbed ‘Pandora-Storm‘, was conducted by the Romanian Cybercrime Unit in Romania in cooperation with Europol’s European Cybercrime Centre (EC3). As a result of the operation, two illegal workshops for producing devices and software to manipulate point-of-sale (POS) terminals were dismantled, and illegal electronic equipment, financial data, cloned cards and cash were seized during 82 house searches in Romania and the United Kingdom.

On March 28, arrests were carried out from the command centre set up in Bucharest by the Romanian Police. 

According to Europol, the gang victimized roughly 36,000 bank and credit card holders. The gang stole people’s credit and debit card numbers and PIN codes by implanting card reading devices and malicious software on POS terminals. The crew then used counterfeit payment cards with stolen data in Argentina, Colombia, the Dominican Republic, Japan, Mexico, South Korea, Sri Lanka, Thailand and USA. The members of the group are also responsible for setting up a sophisticated criminal network for online fraud, authorities said.

POS malware is not new. Just recently, researchers at Group-IB told SecurityWeek about a malware campaign targeting POS systems and ATMs that has stolen payment card information from several U.S. banks. Called the ‘Dump Memory Grabber’, the malware scans the memory of point-of-sale systems and ATMs looking for credit card data. The researchers believe the malware has already been used to steal data from credit and debit cards issued by major US banks, including Chase, Capital One, Citibank, and Union Bank of California.

Additionally, a Boston-based liquor store warned customers this week that a “sophisticated malware attack” had compromised some customers’ credit and debit card information after  its point-of-sale systems were infected with malware.

“This case is another example of excellent police work and flawless cooperation and a proof of the fact that EU law enforcement cooperation continues to improve,” Troels Oerting, Head of European Cybercrime Centre (EC3) at Europol, said in a statement regarding the recent arrests. “This is a good sign for the future when increased cybercrime will become a great challenge for the LE community.”

Written By

Click to comment

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

Expert Insights

Related Content

Cybercrime

Zendesk is informing customers about a data breach that started with an SMS phishing campaign targeting the company’s employees.

Cybercrime

The release of OpenAI’s ChatGPT in late 2022 has demonstrated the potential of AI for both good and bad.

Cybercrime

The FBI dismantled the network of the prolific Hive ransomware gang and seized infrastructure in Los Angeles that was used for the operation.

Cybercrime

A new study by McAfee and the Center for Strategic and International Studies (CSIS) named a staggering figure as the true annual cost of...

Cybercrime

A recently disclosed vBulletin vulnerability, which had a zero-day status for roughly two days last week, was exploited in a hacker attack targeting the...

Cybercrime

CISA, NSA, and MS-ISAC issued an alert on the malicious use of RMM software to steal money from bank accounts.

Application Security

PayPal is alerting roughly 35,000 individuals that their accounts have been targeted in a credential stuffing campaign.

Cybercrime

Video games developer Riot Games says source code was stolen from its development environment in a ransomware attack