A hacker group called "Double-Spider" caused fear and terror, and now investigators from North Rhine-Westphalia are said to have caught them. According to their own statements, they have identified the suspected masterminds of the international network of cyber criminals who are said to be responsible for spectacular hacker attacks worldwide.
Arrest warrants had been issued against three suspects, and eight others were being investigated, reported investigators from the State Criminal Police Office and the public prosecutor's office in Düsseldorf on Monday. They are between 32 and 41 years old. Europol and the FBI were involved in the investigation.
The suspects are accused of, among other things, the attack on the Düsseldorf University Hospital, the Funke media group and the Anhalt-Bitterfeld district, which had therefore declared the disaster.
One of the suspects, a 41-year-old Russian, is also wanted by the FBI, which has offered a $5 million reward for him. The group is accused of more than 600 attacks on institutions worldwide, resulting in significant damage.
The criminal group called "Double-Spider" or "Grief" (grief) has connections to Russia, but there is no evidence of state actors behind the machinations. According to investigators, the suspects wanted a ransom in the millions.
"In the case of individuals in this group of perpetrators, we also see references and connections to the Russian domestic secret service FSB and the paramilitary mercenary group Wagner," said North Rhine-Westphalia Interior Minister Herbert Reul (CDU). Wagner boss Yevgeny Prigozchin recently admitted publicly that his people committed, or at least attempted, election rigging in the United States, among other places. Even if the deeds served personal enrichment, it is reasonable to assume that they were at least tolerated by the state. In addition, it cannot be ruled out that the skimmed data and funds will also be used for government purposes.
The three suspects Igor T., 41, Irina Z., 36 and Igor G., 32, are now being sought worldwide. You are now on Europol's "Europe's most wanted" list. Where the trio is currently staying is unclear. "The attacks on the critical infrastructure are a game of life and death," said a Europol spokesman in Düsseldorf.
"Cyber criminals like this don't stop at university hospitals," says LKA boss Ingo Wünsch. "Companies need to secure their digital gates." In the case of the Düsseldorf University Hospital, there was a suspicion that the hackers could be responsible for the death of a patient. Ultimately, however, this was not confirmed.
Despite the war, the police in Ukraine actively supported the investigation, the investigators reported. There and in Germany there had been searches and interrogations in the past week.
In Germany, the group attacked and damaged at least 37 institutions. An unreported number can be assumed because there are still companies that pay the ransom without involving the police.
In 2021, the international investigations against the group were taken over in North Rhine-Westphalia. A shadow economy came to light.
There are job advertisements and headhunters for hackers. So-called access brokers deal with insecure places in company networks. Hacker attacks would also be brokered to third parties as criminal services. The whole thing is handled via money laundering networks with cryptocurrencies.
In addition to the three suspects mentioned, eight others from Germany, Russia, Moldova and Ukraine are being investigated. 13 EU countries are affected. They are wanted for particularly severe extortion and computer sabotage.
Prosecutor Markus Hartmann said it had now been possible to prove concrete actions to specific people. The digital traces were so compressed that it was enough for arrest warrants. "The term hacker attack is actually a trivialization of what happened." You are dealing with structured organized crime.
The international search will now make it more difficult for the suspects to spend their money in Paris, London or Milan, for example. The suspects had developed software from well-known hacker groups such as the Evil Group or Dridex and thus attacked companies themselves, reported LKA investigator Dirk Kunze. "Double-Spider", literally translated double spider, is the English term for the crankset as part of the pedal system on the bicycle.
One of the precursor groups is believed to be responsible for the attack on Britain's national healthcare system. In this case, the NRW investigative group "Parker" made almost 100 requests for legal assistance, including to Russia. She is now hoping for information on the whereabouts of the suspects.