[BreachExchange] Ukrainian police arrest DDoS operator controlling 100,000 bots

Terrell Byrd terrell.byrd at riskbasedsecurity.com
Mon Oct 11 13:22:09 EDT 2021


https://www.bleepingcomputer.com/news/security/ukrainian-police-arrest-ddos-operator-controlling-100-000-bots/

Ukrainian police have arrested a hacker who controlled a 100,000 device
botnet used to perform DDoS attacks on behalf of paid customers.

DDoS for hire
The threat actor was arrested at his home in Prykarpattia where he was
allegedly using the botnet to perform DDoS attacks or to support other
malicious activity for his clients.

This activity included brute-forcing login credentials at web sites,
performing spamming operations, and penetration testing remote devices
to identify and exploit vulnerabilities.

According to the SSU announcement, the hacker wasn’t simply using the sheer
power of his botnet to take down sites. Instead, he also performed
reconnaissance and penetration testing to identify and exploit
vulnerabilities in the target websites.

Opsec mistake
A press release by the Ukrainian SSU states the hacker found his customers
on private forums and Telegram channels, where he was paid through
electronic platforms such as ‘Webmoney’ for his illicit activity. This
payment platform is subject to sanctions in Ukraine.

The actor registered an account on Webmoney with his real address, allowing
the Ukrainian police to find where he lives. In the home, law enforcement
seized computer equipment that controlled the botnet, effectively shutting
down the malicious operation.

The Ukrainian hacker is now facing charges for the violation of Part 2 of
Art. 361-1 of the Criminal Code of the country, relevant to the
distribution and sale of malicious software, and the interference with the
work of computers and networks.

These charges could incur severe penalties like several years of
imprisonment, but the police will first have to fully evaluate the evidence
that is stored in the seized systems to determine the full scope of the
hacker’s acts.

This arrest continues worldwide law enforcement operations to disrupt DDoS
attacks that can cause wide-reaching impact against businesses and
infrastructure.

Last month, the US Department of Justice charged an operator of the WireX
Android botnet for a distributed denial-of-service attack on a
multinational hotel chain.