The arrest of the six members of the Hodprot group was carried out by the Office of Economic Security and Counter-Corruption of the MVD in Moscow. This operation was part of the investigation instituted on the facts of theft of funds via the Sberbank online banking system.
The Hodprot group had been operating since 2009, specializing in stealing money from corporate bank accounts. In the beginning, the criminals were using the Hodprot malware, switching to Carberp, another banking malware, in 2011.
"This is the second Carberp group neutralized by Russian law enforcement agents with our active involvement within the past three months," said Ilya Sachkov, CEO of Group-IB. "In this particular case, we provided special expertise and assistance in identifying the criminals, and establishing their roles and relationships within the cybercriminal group. Subsequent investigation by our forensics lab confirmed the involvement of these criminals to the specific cases of theft of funds."
Group-IB is the first company in Russia and the former Soviet Union working professionally and comprehensively in cybercrime investigation, information security breaches, and computer forensics. As part of the company, a computer forensics lab provides independent computer forensic investigations, including for Russian law enforcement agencies. Created on the basis of Group-IB, CERT-GIB operates as the first private computer emergency response team in Russia. Group-IB is part of the LETA Group.