Ukraine Police Cuff Botnet Herder Who Controlled 100K Machines

Phil Muncaster, UK / EMEA News Reporter, Infosecurity Magazine
Ukrainian law enforcers have arrested a suspected botnet herder responsible for controlling an automated network of around 100,000 compromised machines to launch DDoS and other attacks.

The Security Service of Ukraine (SSU) claimed the resident of Ivano-Frankivsk also used the botnet to launch spam campaigns, scan for vulnerabilities in websites to exploit, and brute-force users’ email passwords.

He’s said to have found and communicated with customers for his services on encrypted channels like Telegram and closed underground forums, and received the payment through platforms banned in Ukraine like WebMoney.

The National Security and Defence Council of Ukraine imposed sanctions on WebMoney, a Russian firm, back in 2018.

Unfortunately for the individual, he registered his real address with WebMoney, enabling SSU officers to find him pretty easily.

He now faces charges under Part 2 of Article 361-1 of the Criminal Code of Ukraine, which relates to the creation, distribution, or sale of malicious software or hardware; and interference with the work of computers, automated systems, and computer or telecoms networks.

Police are currently looking through the equipment seized at the property to find out more.

Ukrainian law enforcers have had a busy time over recent years, as the country continues to harbor more than its fair share of threat actors.

In February last year, police arrested suspected members of the Egregor ransomware group. A few months later, in June, six suspected members of the notorious Clop ransomware gang were cuffed in Ukraine.

Then in October, two “prolific ransomware operators” were arrested in the country after an international law enforcement operation.

Those arrests come in stark contrast to law enforcement activity in Russia, where the state appears to give its blessing to cybercrime activity as long as it is targeted at victims outside the country.