Business Club

Business Club is a Russian-speaking cybercriminal group that referred to itself internally as the "Business Club." Reporting cited in the content links it to the Gameover ZeuS ecosystem and to large-scale bank fraud using Evgeniy Mikhailovich Bogachev’s ZeuS banking trojan. The group is described as having a core of about six members supported by more than 50 additional individuals, operating as a structured criminal enterprise with specialized roles including technical support, malware supply, and money mule recruitment, with membership involving an initial fee and profit-sharing. Key leaders, including Bogachev, were reportedly based in or around Krasnodar, Russia, and members were spread across much of Russia’s time zones, enabling fraud operations across multiple regions during local business hours. The content states that the JabberZeuS Crew and the Business Club collectively stole more than $200 million from U.S. and U.K. financial institutions using ZeuS. Business Club operators used the Gameover ZeuS control panel, which they called the "World Bank Center," to intercept banking security challenges such as one-time tokens and secret questions. The group also used fraudulent wire transfers from hacked U.S. and European accounts to Chinese front companies near the Russia-China border, including in Heilongjiang province, and established phony trading and shipping companies in places such as Raohe county and Suifenhe to receive funds. The content also notes that attacks involving Dyre could be connected to the Business Club cybercriminal group. In addition, Fox-IT reporting described in the content found that Bogachev did not share the entire botnet with other Business Club members and secretly repurposed part of it for espionage against targets in Ukraine, Turkey, and Georgia; however, that espionage activity is described as managed by Bogachev himself and hidden from at least some other Business Club members. Known alias in the provided content: business_club.