Ukraine Police Arrest Botnet Attack Controller

Ukrainian law enforcement officers have arrested a suspected botnet herder accused of controlling a network of around 100,000 compromised machines and using it to launch DDoS and other attacks. According to the Security Service of Ukraine (SSU), the unnamed resident of Ivano-Frankivsk also used the botnet to run spam campaigns, to scan websites for vulnerabilities and exploit them, and to mount brute-force attacks in order to guess users' email passwords.

The SSU says it raided the suspect's residence and seized his computer equipment as evidence of the illegal activity. "He looked for customers on the closed forums and Telegram chats and payments were made via blocked electronic payment systems," the agency said in a press statement. The payments were made through WebMoney, a Russian money transfer platform that the National Security and Defence Council of Ukraine placed under sanctions in 2018, barring its use in the country.

According to the SSU, the suspect used the botnet's sheer volume of traffic to bring down websites, and also carried out reconnaissance and penetration testing of target websites in order to find and exploit weaknesses.

The suspect had registered his real address with WebMoney, and it was this record that allowed SSU officers to identify and locate him. He now faces charges under the Criminal Code of Ukraine relating to the creation, distribution or sale of malicious software or hardware, and to interference with the work of computers, automated systems and computer or telecommunications networks. The charges carry penalties of up to several years' imprisonment.

Ukrainian law enforcement agencies have been busy, as the country remains home to numerous highly effective threat actors. In February 2021 police arrested members of the Egregor ransomware group; in June 2021 six members of the Clop ransomware gang were arrested in Ukraine; and in October 2021 two "prolific ransomware operators" were also arrested.

Those arrests stand in stark contrast to law enforcement activity in Russia, where the state appears to tolerate cyber crime as long as it is directed at victims outside the country.

Sources: Gov.UA, Heimdal Security, Wired, Cyber Reports, Infosecurity Magazine, Hacker News

