Ukraine Police Arrest Botnet Attack Controller
Ukrainian law enforcement officers have arrested a suspected botnet herder responsible for controlling an automated network of around 100,000 compromised machines to launch DDoS and other attacks. The unnamed individual is also said to have leveraged the automated network to detect vulnerabilities in websites and break into them as well as stage brute-force attacks in order to guess email passwords.
The Ukrainian SSU police agency say the resident of Ivano-Frankivsk also used the botnet to launch spam campaigns, scan for vulnerabilities in websites to exploit, and brute-force users’ email passwords.
The SSU says it conducted a raid of the suspect's residence and seized their computer equipment as evidence of illegal activity. "He looked for customers on the closed forums and Telegram chats and payments were made via blocked electronic payment systems," the Security Service of Ukraine (SSU) said in a press statement. The payments were facilitated via WebMoney, a Russian money transfer platform banned in Ukraine.
According to an SSU statement, the hacker used his botnet’s sheer force to bring down websites and to have conducted reconnaissance and penetration testing on the target websites in order to find and exploit weaknesses.
He communicated with customers for his services on encrypted channels like Telegram and closed underground forums, and received the payment through platforms banned in Ukraine like WebMoney. The National Security and Defence Council of Ukraine imposed sanctions on this Russian firm in 2018.
The suspect registered his real address with WebMoney, enabling SSU officers to find him and he now faces charges under the Criminal Code of Ukraine, which relates to the creation, distribution, or sale of malicious software or hardware; and interference with the work of computers, automated systems, and computer or telecoms networks. These charges could incur severe penalties like several years of imprisonment
Ukrainian law enforcers have been busy as the country continues to be a home for numerous highly effective threat actors. In February 2020 police arrested members of Egregor a ransomware group and in June, six members of the Clop ransomware gang were arrested in Ukraine. Then in October, two “prolific ransomware operators” were also arrested.
Those arrests come in stark contrast to law enforcement activity in Russia, where the state appears to be allowing cyber crime activity as long as it is targeted at victims outside the country.
Gov.UA: Heimdal Security: Wired: Cyber Reports: Infosecurity Magazine: Hacker News:
You Might Also Read: