Operation Avalanche: a closer look

01 April 2017 | Available in English

A German investigation into an organised crime group (OCG) called Avalanche, involved in malware, phishing and spam activities, commenced in 2012, after a wave of encryption ransomware infected a substantial number of computer systems and blocked users' access to them. The investigation exposed a highly sophisticated technical infrastructure that was used to infect millions of private and business computer systems with malware (e.g. banking Trojans and ransomware), enabling the criminals operating the network to harvest bank and e-mail passwords.

With this information, the criminals were able to perform bank transfers from the victims' accounts. The proceeds were then redirected to the criminals through an infrastructure specifically created to secure the proceeds of the criminal activity. In addition to launching and managing mass global malware attacks, the Avalanche network was used for money mule recruiting campaigns. The Avalanche infrastructure was set up to be highly resilient against takedowns and law enforcement action through so-called 'double fast-flux' technology, in which both the IP addresses behind the malicious domains and the name servers answering for them are rotated rapidly, so that no single server is a stable target for seizure or blocking.

Downloads

Full report [PDF] (1.01 MB)

Publication details

ISBN: 978-92-9490-158-3
DOI: 10.2812/816706
Catalogue number: QP-01-17-801-EN-N