Ukrainian law enforcement authorities on Monday disclosed the
arrest of a hacker responsible for the creation and management of a
“powerful botnet” consisting of over 100,000 enslaved devices that
was used to carry out distributed denial-of-service (DDoS) and spam
attacks on behalf of paid customers.
The unnamed individual, from the Ivano-Frankivsk region of the
country, is also said to have leveraged the automated network to
detect vulnerabilities in websites and break into them as well as
stage brute-force attacks in order to guess email passwords. The
Ukrainian police agency said it conducted a raid of the suspect’s
residence and seized their computer equipment as evidence of
illegal activity.
“He looked for customers on the closed forums and Telegram chats
and payments were made via blocked electronic payment systems,” the
Security Service of Ukraine (SSU) said[1]
in a press statement. The payments were facilitated via WebMoney, a
Russian money transfer platform banned in Ukraine.
The development comes weeks after Russian cybersecurity firm
Rostelecom-Solar, a subsidiary of the telecom operator Rostelecom,
disclosed late last month that it had sinkholed a portion of the
Mēris DDoS botnet[2]
that’s known to have co-opted an estimated 250,000 hosts into its
mesh.
By intercepting and analyzing the commands used to control
infected devices, the company said[3] it was able to “detect
45,000 network devices, identify their geographic location and
isolate them from the botnet.” Over 20% of the devices attacked are
located in Brazil, followed by Ukraine, Indonesia, Poland, and
India.