The mastermind behind malware attacks that programmed ATMs to spit out cash on demand and caused more than 1 billion euros ($1.2 billion) of losses has been arrested in Spain.

The leader of a criminal gang that carried out the malware attacks known as Carbanak and Cobalt was detained in Alicante following an investigation by Spanish police, Europol and the U.S. Federal Bureau of Investigation. Europol, the European Union agency for law enforcement cooperation, did not name the suspect in a statement on Monday. Romanian, Belarussian and Taiwanese authorities also took part in the manhunt.

The organized crime group has been operating since 2013, targeting over 100 financial institutions around the world in heists of as much as 10 million euros per operation. The malware they created could instruct ATMs to dispense cash at a predetermined time, with gang members waiting by the machines collecting the money.

They also used the e-payment network to transfer money from banks into criminal accounts, and used access to databases to inflate bank account balances in order to collect the money using money mules, Europol said. Europol said the profits were laundered using cryptocurrencies to buy luxury houses and cars.

Europol provided no information about other members of the gang.

The arrest marks at least the second time in a year that international cooperation in law enforcement has brought down a cybercrime operation. In July, Dutch police working with Europol, the FBI and the U.S. Drug Enforcement Agency shut down the operations of AlphaBay and Hansa, two markets for the sale of drugs, firearms and malware that operated on the so-called dark web.

Bloomberg News