Avalanche Cybercriminal Infrastructure Takedown

ID 659051
Updated 12/16/2016
Version Latest



Congratulations to the multinational government agencies involved in the takedown of the Avalanche cybercriminal infrastructure!  The U.S. Attorney’s Office, FBI, Europol, German Police, and others from over 40 countries were involved in disrupting one of the largest support structures for malware, digital money laundering, and Distributed Denial-of-Service (DDoS) attacks.  Searches, seizures, and arrests in four countries were conducted to dismantle the sophisticated network of people and technology.

Burying Malware

Avalanche hosted, supported, and distributed dozens of malware families, including Citadel, TeslaCrypt, VM-Zues, bugat, QakBot, and many others.  For a complete list, visit the US-CERT announcement page.  Most notably, it targeted over 40 major financial institutions and hosted major ransomware malware.  According to the U.S. CERT team, it was “used to run money mule schemes where criminals recruited people to commit fraud involving transporting and laundering stolen money or merchandise”.

The Avalanche group has been very active for many years.  Back in 2010 it was known for its phishing activities and involvement with various Zeus banking trojan malware variants.

This takedown will have a cascading impact to cybercriminals who have relied on its capabilities.  It will likely result in a reduced amount of activity until such time as criminals can replace or rebuild these functions.  It is a greatly appreciated reprieve.  The absence of money laundering services will also be a painful hit to many criminal groups.  With Avalanche down or at the very least impacted, it will force changes on behalf of the criminals it serviced.  Those deviations represent opportunities for law enforcement’s future actions.

Hidden Benefits

Depending upon the systems and data captured and the cooperation of the people arrested, there may be some great intelligence benefits.  Law enforcement may be able to track down some of the organized criminals behind the various malware families and cyber-fraud campaigns.  This could lead to more arrests and impacts to malware generation.


A job well done by the multinational team who cooperated to bring down this malignant structure supporting cybercriminals impacting people, governments, and businesses across the globe.  Keep up the good work!




Interested in more? Follow me on Twitter (@Matt_Rosenquist) and LinkedIn to hear insights and what is going on in cybersecurity.