Ukraine halts DDoS botnet operator with 100,000 compromised devices

Ukrainian law enforcement authorities on Monday revealed the arrest of a hacker responsible for creating and managing a “powerful botnet” made up of more than 100,000 slave devices that was used to carry out distributed denial of service (DDoS) attacks and spam attacks on behalf of paying customers.

The unnamed individual, originally from the Ivano-Frankivsk region, is also said to have used the automated network to find vulnerabilities in websites and break into them, as well as to launch brute-force attacks to guess e-mail passwords. The Ukrainian police agency said it searched the suspect's home and seized his computer equipment as evidence of illegal activity.


"He searched for clients on closed forums and Telegram chats, and payments were made through blocked electronic payment systems," the Security Service of Ukraine (SSU) noted in a press release. Payments were facilitated through WebMoney, a Russian money transfer platform banned in Ukraine.

But in what appears to be a trivial opsec error, the actor registered the WebMoney account under his real address, allowing officials to pinpoint his whereabouts.

DDoS botnet

The development comes weeks after Russian cybersecurity firm Rostelecom-Solar, a subsidiary of telecommunications operator Rostelecom, revealed late last month that it had sinkholed part of the Mēris DDoS botnet, which is known to have co-opted around 250,000 hosts into its network.


By intercepting and analyzing the commands used to control infected devices, the company said it was able to "detect 45,000 network devices, identify their geographic location and isolate them from the botnet." More than 20% of the affected devices are located in Brazil, followed by Ukraine, Indonesia, Poland and India.
