The outfit runs the Citadel Botnets and is believed to have stolen more than $500 million from bank accounts over the past 18 months. Citadel is one of the biggest botnets in operation today.
Citadel is a banking Trojan that has been in existence since 2011. As with most banking Trojans, Citadel is a full crimeware kit, providing the attackers with payload builders, a command and control (C&C) server infrastructure, and configuration scripts to target various banks.
Citadel infected as many as 5 million PCs around the world including here in Australia and according to Microsoft, was used to steal from dozens of financial institutions, including American Express, Bank of America, Citigroup, Credit Suisse, eBay's PayPal, HSBC, JPMorgan Chase, Royal Bank of Canada and Wells Fargo.
Citadel installed keylogging software onto a computer, which tracked everything a person typed. Microsoft also admitted that it does not expect to have wiped out the Citadel botnet fully, simply because of its sheer size.
As a result, when users access their bank accounts online, they unwittingly provide access to banking passwords and other confidential information to the hackers.
Earlier Wednesday, federal marshals escorted Microsoft officials to two data hosting facilities in New Jersey and Pennsylvania, where they seized data and evidence from the botnets.
Microsoft has filed a civil lawsuit in the U.S. District Court in Charlotte, North Carolina against the unknown hackers and obtained a court order to shut down the botnets and identifies the ringleader as 'John Doe No. 1', who goes by the alias Aquabox and is accused of creating and maintaining the botnet.
The FBI working closely with Europol and other overseas authorities to try to capture the unknown criminals.
Microsoft and its allies did not believe the threat from Citadel was eliminated but were confident they were able to significantly disrupt the criminal operation.