Dutch cybercops tracked a crypto theft to one of the world’s worst botnets
![The Next Web](/sites/default/files/styles/large/public/2024-05/image.jpg?itok=x6kgZ-d5)
After years of hacking servers to swindle millions of dollars, the notorious Ebury malware gang had slipped into the shadows by 2021. Suddenly, they reemerged with a bang.
The new evidence surfaced during a police investigation in the Netherlands. A cryptocurrency theft had been reported to the Dutch National High Tech Crime Unit (NHTCU). On the victim’s server, the cybercops found a familiar foe: Ebury.
The discovery revealed a new target for the botnet. Ebury had diversified to stealing Bitcoin wallets and credit card details. The NHTCU sought assistance from ESET, a Slovakian cybersecurity firm. The request reopened a case that Marc-Etienne Léveillé has investigated for over a decade. Back in 2014, the ESET researcher had co-authored a white paper on the botnet operations. He called Ebury the “most sophisticated Linux backdoor ever seen” by his team.