Law enforcement agencies of Ukraine and several foreign countries uncovered members of a transnational hacker group that attacked organizations in various countries worldwide, causing nearly $1.5 million in damages.
Prosecutor General Ruslan Kravchenko reported this on Facebook.
“International cyberattack: together with partners from the United States and Germany, we exposed a transnational hacker group,” Kravchenko stated.
According to him, the perpetrators blocked the systems of at least 11 American corporations. They demanded ransom in cryptocurrency for the restoration of access.
The currently estimated damage amounts to around $1.5 million.
The group consists of over 20 people. Seven of them, Kravchenko reported, are on Ukrainian territory. Each had a specific role: from password hacking and coding to negotiating with victims and laundering the money into cash. One of the suspects, Kravchenko noted, is also involved in another crime—the distribution of the BlackBasta malware, which is under investigation in Germany.
According to the Prosecutor General, on Thursday, January 15, joint searches were conducted with commissioners of the German Federal Criminal Police (BKA) targeting two Ukrainian citizens. During the investigative actions, computer equipment, mobile phones, notebooks, and cash were seized. Analysis of the seized materials is ongoing, and once completed, a decision will be made regarding charges, Kravchenko said.
“Cybercrimes have no borders—and the response to them will also be transcontinental, systematic, and inevitable,” the Prosecutor General stated.
The National Police of Ukraine clarified that the activities of the cybercriminal group were stopped by cyberpolice and investigators of the Main Investigative Directorate of the National Police under the procedural guidance of the Cyber Directorate of the Office of the Prosecutor General, in cooperation with Germany’s Federal Criminal Police Office.
As part of the international investigation, two participants operating in Ukraine and performing specific functions within the criminal group were identified. According to investigators, the suspects specialized in technical hacking of protected systems and were involved in preparing cyberattacks using ransomware.
“The perpetrators acted as so-called hash crackers—specialists who extract passwords for accounts in information systems using specialized software,” the police explained.
After obtaining employees’ authorization data, the group gained unauthorized access to the companies’ internal systems and expanded the privileges of compromised accounts within corporate networks.
This access was then used to disrupt critical systems, steal confidential information, and deploy malware to encrypt data and extort payment for its recovery.
During investigative actions, police conducted sanctioned searches at the suspects’ residences in Ivano-Frankivsk and Lviv regions. Evidence of illegal activity was seized, including digital storage devices and cryptocurrency assets.
Within the joint investigation involving Europol experts, a probable organizer of the criminal activity was also identified—a Russian citizen suspected of creating and leading the group.
According to foreign partners, he may also have been involved in another notorious ransomware group, Conti.
At the initiative of Germany’s Federal Criminal Police and the Central Office for Combating Internet Crime of the Frankfurt am Main Prosecutor’s Office (ZIT), the suspect has been declared internationally wanted through Interpol channels.
According to law enforcement agencies of foreign countries, the group involving these suspects is considered one of the most dangerous in cybercrime in recent years.
The main targets of the perpetrators were companies, institutions, and government bodies in economically developed Western countries.
Between 2022 and 2025, the group attacked hundreds of organizations worldwide, causing hundreds of millions of euros in damages.
Current investigative actions are being conducted within the framework of international cooperation among law enforcement agencies of Ukraine, Germany, Switzerland, the Netherlands, and the United Kingdom.
Earlier, at the request of foreign partners, Ukrainian police already carried out searches in Kharkiv and Kharkiv region and other investigative actions against individual members of this group on Ukrainian territory.
