Organized cybercrime gangs have embraced the potential of the internet. In recent years, their operations have become so sophisticated that they've launched widescale attacks on big corporations and initiated sinister cyber campaigns that caused millions of dollars in damages.

Here are five of the most notorious cybercrime gangs that have made headlines.

1. Cobalt Cybercrime Gang

This cybercrime gang is behind the Carbanak and Cobalt malware attacks that targeted 100 financial institutions in more than 40 countries worldwide. Their complex cybercrime campaigns against numerous banks allowed these criminals to steal more than $11 million per heist.

It caused the financial industry over a billion dollars in cumulative losses.

A typical Cobalt attack infiltrated banking institutions by sending spear-phishing emails with malicious attachments to bank employees. Once downloaded, criminals gained access to the infected computer and was able to infiltrate the internal banking network. They spent months inside the infected networks studying the bank’s operations and workflows.

It got even more sinister when they started infiltrating the servers that controlled the ATMs. During the final heist---called 'jackpotting'---ATMs were instructed to remotely dispense cash at a certain time in predetermined locations where a money mule waited to collect the cash.

The alleged mastermind was arrested in 2018, although experts now believe that the remaining members picked up where he left off after seeing similar attacks on numerous other banks shortly after his arrest.

Related: 10 of the World's Most Famous and Best Hackers 

2. Lazarus Gang

The group believed by some to be linked to North Korea, is behind many nefarious attacks on institutions and organizations. The most notorious was the Sony Pictures breach in 2014 and the sinister campaign that affected England’s NHS (National Health Service) through the WannaCry cyber attack.

Sony Pictures Leak

During the infamous Sony Pictures leak, employees were shocked to discover that their corporate network had been hacked. Hackers stole terabytes of confidential data, deleted some files, and threatened to leak the information if Sony refused the hackers’ demands.

Networks were down for days and employees were forced to use whiteboards. A few days later the hackers started leaking confidential information they stole to the press.

WannaCry Ransomware Attack

The Lazarus group is also believed to be behind the 2017 WannaCry Ransomware attack that affected almost a quarter of a million computers in 150 countries. It crippled numerous companies and organizations including the UK’s NHS. It was the biggest ever attack the NHS has ever experienced.

WannaCry brought the health system’s operations to a standstill for many days, caused over six thousand appointments to be canceled, and cost the NHS an estimated $100 million.

3. MageCart Syndicate

MageCart Attacks Javascript

This big ecommerce hacking syndicate, composed of different groups under one big umbrella, became notorious for stealing customer and credit card data.

A form of software skimming was devised for this, malware that hijacked payment systems on ecommerce sites, recording credit card details.

Over the years, MageCart groups have targeted thousands of e-commerce sites as well as other websites where users normally enter their credit card details. In 2018 for instance, British Airways suffered a massive data breach by a MageCart group. The attack compromised the personal and financial information of 380,000 customers. But the attack on the airline was just the tip of the iceberg.

The massive MageCart digital card skimming campaign also targeted hardware retailer Newegg a few days after the British Airways attack. MageCart are also believed to be behind the Ticketmaster attack that compromised 40,000 customer information.

4. Evil Corp

The group’s name itself leaves no doubt that they are out to cause trouble, millions of dollars worth of trouble to be exact. This international cybercrime gang with members based in Russia uses various types of malware to attack all sorts of institutions including a school district in Pennsylvania.

Most of their targets are organizations in Europe and the US and they’ve managed to evade arrest for years. Evil Corp have become notorious for the insidious Dridex banking Trojan that allowed the cybercrime group to harvest login information from hundreds of banks and financial institutions across 40 countries.

During the height of the Dridex heist, Evil Corp managed to steal an estimated $100 million.

They are so brazen, videos of the alleged leaders flaunting their supercars and lavish lifestyle went viral last year. And while they have already been formally indicted by the US government in December 2019, many experts believe it will be difficult to make their founders face trial in the US.

The indictment also didn’t deter the group. In fact, a series of fresh attacks on small to medium-sized US companies during 2020 have been linked to Evil Corp. This includes the June 2020 discovery by Symantec of a plan to attack dozens of US corporations. Eight Fortune 500 companies were targeted using a new breed of ransomware called WastedLocker.

5. GozNym Gang

This international cybercrime network is behind the menacing GozNym malware, a powerful Trojan hybrid that was created to avoid detection by security solutions.

GozNym, considered a two-headed monster, is a hybrid of the Nymaim and Gozi malware. The sinister fusion allowed the malware to sneak onto a customer’s computer through malicious email attachments or links. From there the malware stayed virtually indiscoverable, waiting for the user to log in to a bank account.

From there, log in details were harvested, funds stolen and siphoned off to US and foreign banks, and then washed by money mules. The attack affected more than 41,000 computers and robbed account holders of some $100 million in total.

Organized Cybercrime Gangs

cybercrime group specialists

These international cybercrime gangs model their operations and business models after legitimate business organizations. So much so that security analysts claim they are giving new members training, utilizing collaboration tools, and even using service agreements between the 'specialists' they hire.

Most, like the GozNym group, for instance, have a CEO-like ringleader who recruits project managers from the dark web. These project managers are specialists who are in charge of each part of the attack.

Take the GozNym gang, who had coding 'specialists' that polished their malware’s ability to evade security solutions, a separate team in charge of distribution, and another team of specialists took over controlling the bank accounts. They also hired money mules or money launderers ('drop masters') who received the funds and redistributed them to gang members overseas.

It’s this level of organization and precision that has allowed these groups to infiltrate even the most established organizations, cause massive havoc, and steal millions of dollars.

Understanding how they operate is one of the key steps towards winning the fight against cybercrime. Experts are hoping that by studying them they might thwart attacks before they happen.