Threat Management, Malware

Avalanche takedown involved searches in 40 countries


In making its announcement on Monday of the shutdown of Avalanche, the U.S. Department of Justice said it turned the tables on the criminals, "by targeting not just individual actors, but the entire Avalanche infrastructure." 

The complex network of computer servers was used by criminals in several countries for money laundering operations and to deliver more than two dozen iterations of malicious software, capable of stealing sensitive personal information.

“The takedown of Avalanche was unprecedented in its scope, scale, reach and cooperation among 40 countries,” said Acting U.S. Attorney Soo C. Song of the Western District of Pennsylvania.  “This is the first time that we have aimed to and achieved the destruction of a criminal cyber infrastructure while disrupting all of the malware systems that relied upon it to do harm.”

The statement from the Justice Department said the Avalanche network had been operating since at least 2010 and was believed to serve clients operating as many as half a million infected computers throughout the world each day. Financial damage from its operation is estimated to be in the hundreds of millions of dollars globally.

The U.S. Attorney's Office of the Western District of Pennsylvania, the FBI and the Criminal Division's Computer Crime and Intellectual Property Section (CCIPS) conducted the operation in close cooperation with the Public Prosecutor's Office Verden; the Luneburg Police of Germany; Europol; and Eurojust, located in The Hague, Netherlands; as well as investigators and prosecutors from more than 40 jurisdictions, including India, Singapore, Taiwan and Ukraine.     

Other partners included the Department of Homeland Security's U.S.-Computer Emergency Readiness Team (US-CERT), the Shadowserver Foundation, Fraunhofer Institute for Communication, Registry of Last Resort, ICANN and domain registries from around the world.  The Criminal Division's Office of International Affairs also provided significant assistance, the statement said.  

Get daily email updates

SC Media's daily must-read of the most current and pressing daily news

By clicking the Subscribe button below, you agree to SC Media Terms and Conditions and Privacy Policy.