Ukraine Police Arrest Botnet Attack Controller

Ukrainian law enforcement officers have arrested a suspected botnet herder responsible for controlling an automated network of around 100,000 compromised machines to launch DDoS and other attacks. The unnamed individual is also said to have leveraged the automated network to detect vulnerabilities in websites and break into them as well as stage brute-force attacks in order to guess email passwords. 

The Ukrainian SSU police agency say the resident of Ivano-Frankivsk also used the botnet to launch spam campaigns, scan for vulnerabilities in websites to exploit, and brute-force users’ email passwords.

The SSU says it conducted a raid of the suspect's residence and seized their computer equipment as evidence of illegal activity. "He looked for customers on the closed forums and Telegram chats and payments were made via blocked electronic payment systems," the Security Service of Ukraine (SSU) said in a press statement. The payments were facilitated via WebMoney, a Russian money transfer platform banned in Ukraine.

According to an SSU statement, the hacker used his botnet’s sheer force to bring down websites and to have  conducted reconnaissance and penetration testing on the target websites in order to find and exploit weaknesses.
He communicated with customers for his services on encrypted channels like Telegram and closed underground forums, and received the payment through platforms banned in Ukraine like WebMoney. The National Security and Defence Council of Ukraine imposed sanctions on this Russian firm in 2018. 

The suspect registered his real address with WebMoney, enabling SSU officers to find him and he now faces charges under the Criminal Code of Ukraine, which relates to the creation, distribution, or sale of malicious software or hardware; and interference with the work of computers, automated systems, and computer or telecoms networks. These charges could incur severe penalties like several years of imprisonment

Ukrainian law enforcers have been busy as the country continues to be a home for numerous highly effective threat actors. In February 2020 police arrested members of Egregor a ransomware group and in June, six members of the Clop ransomware gang were arrested in Ukraine. Then in October, two “prolific ransomware operators” were also arrested.

Those arrests come in stark contrast to law enforcement activity in Russia, where the state appears to be allowing cyber crime activity as long as it is targeted at victims outside the country. 

Gov.UA:        Heimdal Security:      Wired:      Cyber Reports:     Infosecurity Magazine:       Hacker News

You Might Also Read: 

Mēris Botnet Goes Global:

 

« Russia's Criminal Hackers
British Police IT Systems Cannot Cope With Cyber Crime »

CyberSecurity Jobsite
Perimeter 81

Directory of Suppliers

ZenGRC

ZenGRC

ZenGRC - the first, easy-to-use, enterprise-grade information security solution for compliance and risk management - offers businesses efficient control tracking, testing, and enforcement.

Syxsense

Syxsense

Syxsense brings together endpoint management and security for greater efficiency and collaboration between IT management and security teams.

Cyber Security Supplier Directory

Cyber Security Supplier Directory

Free Access: Cyber Security Supplier Directory listing 5,000+ specialist service providers.

Perimeter 81

Perimeter 81

Perimeter 81 is a Zero Trust Network as a Service designed to simplify secure network, cloud and application access for the modern and distributed workforce.

BackupVault

BackupVault

BackupVault is a leading provider of completely automatic, fully encrypted online, cloud backup.

Authentic8

Authentic8

Authentic8 transforms how organizations secure and control the use of the web with Silo, its patented cloud browser.

Jooble

Jooble

Jooble is a job search aggregator operating in 71 countries worldwide. We simplify the job search process by displaying active job ads from major job boards and career sites across the internet.

DigitalStakeout

DigitalStakeout

A simple and cost-effective solution to monitor, investigate and analyze data from the web, social media and cyber sources to identify threats and make better security decisions.

XYPRO Technology

XYPRO Technology

XYPRO is the market leader in HPE Non-Stop Security, Risk Management and Compliance.

Clayden Law

Clayden Law

Clayden Law are experts in information technology, data privacy and cybersecurity law.

L7 Defense

L7 Defense

L7 Defense helps organizations to protect their infrastructure, applications, customers, employees, and partners against the growing risk of API-borne attacks.

Eustema

Eustema

Eustema designs and manages ICT solutions for medium and large organizations.

Cask Government Services

Cask Government Services

Cask Government Services focuses on program management, cybersecurity, logistics, business analysis and engineering services for Federal, State and Local Government.

Data Terminator

Data Terminator

Data Terminator provide a comprehensive range of secure data destruction equipment and services are in compliance to US Department of Defense (DoD) and National Security Agency (NSA) standards.

WootCloud

WootCloud

WootCloud is the only enterprise device security solution provider to leverage both the radio and network characteristics to neutralize device threats.

Mendoza Ventures

Mendoza Ventures

Mendoza Ventures is a venture capital fund focusing on pre-seed Artificial Intelligence (AI), Fintech, and Cybersecurity startups.

KnectIQ

KnectIQ

Building Trust Environments in a Zero-Trust World. KnectIQ offers KIQAssure, an Ultra High Security Solution for Data in Flight.

Canopius Group

Canopius Group

Canopius is a global specialty lines insurance and reinsurance company and one of the top 10 insurers in the Lloyd’s insurance market.