A coalition of law enforcement authorities including German police, U.S. authorities, the FBI, Europol, Eurojust and the International Criminal Police Organization (Interpol) recently dismantled an international criminal infrastructure platform known as Avalanche.
The Avalanche network was used as a delivery platform to launch globalized malware attacks, causing damages through cyberattacks to banking infrastructure. Approximately 500,000 computers worldwide were targeted and controlled by the Avalanche network on a daily basis, with total estimated damages reaching in the hundreds of millions of euros.
In a coordinated action plan involving more than 30 countries, approximately 800,000 internet domains were seized or blocked entirely. Additionally, five individuals were detained, 37 premises were searched and 39 servers were seized. About 220 servers were also put offline through abuse notifications sent to hosting providers.
In total, malware victims were identified from more than 180 countries. Prior to any seizures or action, German law enforcement analyzed approximately 130 terabytes of data and identified the server structure of the botnet.
Authorities estimate that criminal enterprises have been exploiting servers and financial accounts since 2009, with more than one million emails with damaging attachments sent to unsuspecting victims every week.
The server infrastructure takedown was supported by INTERPOL, the Shadows Server Foundation, Registrar of Last Resort, ICANN and various domain registries.