Tuesday, February 11, 2025

Ukraine Police Arrests DDoS Botnet Operator Who Have Compromised 100,000 Devices


Ukrainian law enforcement authorities arrested a hacker on Monday who is responsible for creating and administering a “powerful botnet” of over 100,000 controlled devices.

All of these devices were used to carry out distributed denial-of-service (DDoS) attacks, as well as spam campaigns, on behalf of paying customers.

Here is the information published by the Security Service of Ukraine (SSU):

  • The suspect’s name was not published.
  • The arrest took place in the Ivano-Frankivsk region, in the Kolomyia district.
  • SSU officers examined the suspect’s house and confiscated their computer equipment.
  • The SSU said that the suspect had advertised their services through Telegram and closed-access forums.
  • The suspect took payment through WebMoney, a Russian money transfer platform that is banned in Ukraine.

After reviewing the whole operation, the security experts stated that the activity conducted by the hacker included brute-forcing login credentials at websites.

It also included spamming operations and penetration testing of remote devices in order to identify and exploit vulnerabilities. In addition, SSU officers said that the threat actor did not rely only on the sheer power of the botnet to take sites down.

Instead, the threat actor performed reconnaissance and penetration testing in order to identify and exploit vulnerabilities in the websites that were targeted.

Moreover, a notice of suspicion is being prepared against the hacker under the following articles of the Criminal Code of Ukraine:

  • Part 2 of Art. 361-1: Creation for the purpose of use, distribution, or sale of malicious software or hardware, as well as their distribution or sale.
  • Part 2 of Art. 363-1: Interference with the work of electronic computers (computers), automated systems, computer networks, or telecommunication networks through the mass distribution of telecommunication messages.

Opsec Mistake

The Ukrainian SSU issued a press release shortly after they identified the attack. In the press release, they stated that the threat actor found customers on private forums and Telegram channels.

Once he had found his customers, the threat actor was paid via electronic platforms such as ‘WebMoney’ for conducting these illegal operations and attacks.

To receive the money, the hacker had initially created a WebMoney account using their real address, and this is how the Ukrainian police learned the exact location of the operator.


Balaji
BALAJI is an Ex-Security Researcher (Threat Research Labs) at Comodo Cybersecurity. Editor-in-Chief & Co-Founder - Cyber Security News & GBHackers On Security.
