Avalanche Cybercriminal Infrastructure Takedown

Published: 12/16/2016, Last Updated: 12/16/2016

Congratulations to the multinational government agencies involved in the takedown of the Avalanche cybercriminal infrastructure!  The U.S. Attorney’s Office, FBI, Europol, German Police, and others from over 40 countries were involved in disrupting one of the largest support structures for malware, digital money laundering, and Distributed Denial-of-Service (DDoS) attacks.  Searches, seizures, and arrests in four countries were conducted to dismantle the sophisticated network of people and technology.

Burying Malware

Avalanche hosted, supported, and distributed dozens of malware families, including Citadel, TeslaCrypt, VM-Zeus, Bugat, QakBot, and many others.  For a complete list, visit the US-CERT announcement page.  Most notably, it targeted over 40 major financial institutions and hosted major ransomware.  According to US-CERT, it was “used to run money mule schemes where criminals recruited people to commit fraud involving transporting and laundering stolen money or merchandise”.

The Avalanche group has been very active for many years.  Back in 2010 it was known for its phishing activities and involvement with various Zeus banking trojan malware variants.

This takedown will have a cascading impact on cybercriminals who have relied on its capabilities.  It will likely result in reduced activity until criminals can replace or rebuild these functions.  It is a greatly appreciated reprieve.  The absence of money laundering services will also be a painful hit to many criminal groups.  With Avalanche down, or at the very least impacted, the criminals it serviced will be forced to change how they operate.  Those deviations represent opportunities for future law enforcement actions.

Hidden Benefits

Depending upon the systems and data captured and the cooperation of the people arrested, there may be some great intelligence benefits.  Law enforcement may be able to track down some of the organized criminals behind the various malware families and cyber-fraud campaigns.  This could lead to more arrests and impacts on malware generation.


A job well done by the multinational team who cooperated to bring down this malignant structure supporting cybercriminals impacting people, governments, and businesses across the globe.  Keep up the good work!




Interested in more? Follow me on Twitter (@Matt_Rosenquist) and LinkedIn to hear insights and what is going on in cybersecurity.
