Ukraine Police Arrest Botnet Attack Controller

Ukrainian law enforcement officers have arrested a suspected botnet herder responsible for controlling an automated network of around 100,000 compromised machines to launch DDoS and other attacks. The unnamed individual is also said to have leveraged the automated network to detect vulnerabilities in websites and break into them as well as stage brute-force attacks in order to guess email passwords. 

The Ukrainian SSU police agency say the resident of Ivano-Frankivsk also used the botnet to launch spam campaigns, scan for vulnerabilities in websites to exploit, and brute-force users’ email passwords.

The SSU says it conducted a raid of the suspect's residence and seized their computer equipment as evidence of illegal activity. "He looked for customers on the closed forums and Telegram chats and payments were made via blocked electronic payment systems," the Security Service of Ukraine (SSU) said in a press statement. The payments were facilitated via WebMoney, a Russian money transfer platform banned in Ukraine.

According to an SSU statement, the hacker used his botnet’s sheer force to bring down websites and to have  conducted reconnaissance and penetration testing on the target websites in order to find and exploit weaknesses.
He communicated with customers for his services on encrypted channels like Telegram and closed underground forums, and received the payment through platforms banned in Ukraine like WebMoney. The National Security and Defence Council of Ukraine imposed sanctions on this Russian firm in 2018. 

The suspect registered his real address with WebMoney, enabling SSU officers to find him and he now faces charges under the Criminal Code of Ukraine, which relates to the creation, distribution, or sale of malicious software or hardware; and interference with the work of computers, automated systems, and computer or telecoms networks. These charges could incur severe penalties like several years of imprisonment

Ukrainian law enforcers have been busy as the country continues to be a home for numerous highly effective threat actors. In February 2020 police arrested members of Egregor a ransomware group and in June, six members of the Clop ransomware gang were arrested in Ukraine. Then in October, two “prolific ransomware operators” were also arrested.

Those arrests come in stark contrast to law enforcement activity in Russia, where the state appears to be allowing cyber crime activity as long as it is targeted at victims outside the country. 

Gov.UA:        Heimdal Security:      Wired:      Cyber Reports:     Infosecurity Magazine:       Hacker News

You Might Also Read: 

Mēris Botnet Goes Global:

 

« Russia's Criminal Hackers
British Police IT Systems Cannot Cope With Cyber Crime »

CyberSecurity Jobsite
Perimeter 81

Directory of Suppliers

NordLayer

NordLayer

NordLayer is an adaptive network access security solution for modern businesses — from the world’s most trusted cybersecurity brand, Nord Security. 

XYPRO Technology

XYPRO Technology

XYPRO is the market leader in HPE Non-Stop Security, Risk Management and Compliance.

Perimeter 81 / How to Select the Right ZTNA Solution

Perimeter 81 / How to Select the Right ZTNA Solution

Gartner insights into How to Select the Right ZTNA offering. Download this FREE report for a limited time only.

Syxsense

Syxsense

Syxsense brings together endpoint management and security for greater efficiency and collaboration between IT management and security teams.

IT Governance

IT Governance

IT Governance is a leading global provider of information security solutions. Download our free guide and find out how ISO 27001 can help protect your organisation's information.

Concise Technologies

Concise Technologies

Concise Technologies provide specialist IT and telecoms solutions, support services, managed backup, disaster recovery, cyber security and consultancy to SME businesses across the UK and Europe.

Fluency Security

Fluency Security

Fluency is the only Security Analytics & Orchestration (SAO) solution that automates correlation, detection, validation and ongoing tracking.

GeoLang

GeoLang

GeoLang’s Ascema platform protects sensitive information at the content level by identifying, classifying and tracking data across the corporate infrastructure.

Tevora

Tevora

Tevora is a specialized management consultancy focused on cyber security, risk, and compliance services.

ZenMate

ZenMate

ZenMate is a Virtual Private Network services provider offering secure encrypted access to the internet.

CryptoMill Cybersecurity Solutions

CryptoMill Cybersecurity Solutions

CryptoMill Cybersecurity Solutions provides advanced, innovative data security solutions for enterprises, professionals and individuals.

Curricula

Curricula

Curricula's cyber security awareness training delivers short relatable security stories to your employees. We make learning cyber security simple and fun.

North American International Cyber Summit

North American International Cyber Summit

The North American International Cyber Summit brings together experts from around the globe to provide timely content and address a variety of cybersecurity issues impacting the world.

DoQubiz Technology

DoQubiz Technology

DoQubiz is using the idea of security through obscurity to develop their proprietary Fractal Security Engine that implements a highly resilient data protection protocol.

Triaxiom Security

Triaxiom Security

Triaxiom Security offers penetration testing, security audits, and strategic consulting customized to meet your needs.

Cider Security

Cider Security

Cider Security - It’s time to revolutionize the way Security, Dev and DevOps teams work together to supercharge security at the speed of engineering.

watchTowr

watchTowr

Continuous Attack Surface Testing, with the watchTowr Platform. The future of Attack Surface Management.

MicroAge

MicroAge

Powered by five decades of experience, lasting partnerships, client relationships, and the values that guide us daily, MicroAge is here to help you secure, accelerate, and transform your business.

CommandK

CommandK

CommandK provides companies with infrastructure to protect their sensitive data. Built-in solutions to prevent data-leaks and simplify governance.

Occentus Network

Occentus Network

Occentus Network is a telecommunications service provider specialized in High Availability Servers & managed Cloud services.

SignMyCode

SignMyCode

SignMyCode is a one-stop shop for trusted and authentic code signing solutions to safeguard software.