Law Enforcers of Germany and Ukraine Detained Two Members of the DoppelPaymer Group

The authorities of Germany and Ukraine have detained members of the dangerous DoppelPaymer group, which became famous for high-profile data thefts from well-known companies and brands. The raids and detentions took place in February 2023. Europol, the FBI and the Dutch police also took part in the operation.

According to an official press release, on February 28, 2023, German authorities raided the home of an unnamed German citizen who appeared to “play a key role in the extortionist group DoppelPaymer.”

Let me remind you that we also wrote that DoppelPaymer operators published in the public domain Boeing, Lockheed Martin, SpaceX and Tesla documents, and also that DoppelPaymer ransomware attacked Foxconn Mexican division.

In turn, at the same time in Ukraine, police officers “interrogated a citizen of Ukraine, who is also considered the main member of the DoppelPaymer group.” In addition, the police conducted searches at two sites – in Kyiv and Kharkov.

It is reported that investigators are currently examining the equipment seized from the alleged perpetrators to determine their exact roles in the structure of the group. Three Europol experts have already been sent to Germany to verify operational information, as well as to assist in the analysis and work of cybercriminalists.

In the meantime, the German authorities said that, according to them, five main actors were involved in the activities of DoppelPaymer, who maintained the infrastructure, administered sites for data breaches, negotiated with the victims and deployed the ransomware in the networks of the victims.

It is known that arrest warrants have already been issued for three more suspects who are currently on the international wanted list:

1. Igor Garshin – is considered responsible for reconnaissance, hacking and deployment of DoppelPaymer malware in the networks of victims;
2. Igor Olegovich Turashev – allegedly took an active part in attacks on German companies, acting as an administrator of the infrastructure and malware used for intrusions;
3. Irina Zemlyanikina – responsible for the initial stage of the attack, sending out malicious emails; also ran data breach sites, a chat system, and posted online data stolen from victims.

According to German police, the five suspects are the “leaders” of the DoppelPaymer hack group and they are linked to Russia. It is also reported that all three of the above suspects are members of the Indrik Spider group, which used the BitPaymer ransomware in the past.

It is worth noting that Igor Turashev has been on the FBI’s most wanted list for several years. So, a few years ago, the American authorities charged him in absentia, believing that he was associated with the Evil Corp group, the development of the Dridex malware, and more.