Ukraine Police Arrests DDoS Botnet Operator Who Have Compromised 100,000 Devices

The law enforcement authorities of the Ukrainian have recently arrested a hacker on Monday who is accountable for the formulation and administration of a “powerful botnet” that has over 100,000 controlled devices.

All these devices were utilized to convey out dispersed denial-of-service (DDoS) attacks, as well as spam attacks on account of paid customers.

Here are the information publicized by the Security Service of Ukraine (SSU):- 

• The suspect’s name was not published.
• The arrest took place in the Ivano-Frankivsk region, in the Kolomyia district.
• SSU officers examined the suspect’s house and confiscated their computer equipment.
• SSU told that the suspect had promoted their services through Telegram and closed-access forums.
• The suspect took payment through WebMoney, a Russian money transfer platform that is forbidden in Ukraine.

After reviewing the whole attack, the security experts pronounced that the activity that has been conducted by the hackers has included brute-forcing login credentials at websites.

And they are also conducting spamming operations, and penetration testing on remote devices so that they can easily recognize and exploit vulnerabilities. Not only this but SSU officers also claimed that the threat actors not only using the sheer power of the botnet to shut the sites.

Rather than that the threat actors have performed reconnaissance and penetration testing so that they can recognize and exploit vulnerabilities in the websites that they have targeted.

Moreover, the hacker under the Criminal Code of Ukraine is preparing a report of suspicion, and here they are:-

• Part 2 of Art. 361-1: Creation for the purpose of use, distribution, or sale of malicious software or hardware, as well as their distribution or sale.
• Part 2 of Art. 363-1: Interference with the work of electronic computers (computers), automated systems, computer networks, or telecommunication networks through the mass distribution of telecommunication messages.

Opsec Mistake

The SSU officers of Ukrainian have conducted a press release just after they identified the attack. However, in the press release, they affirmed that the threat actor has found the customers on individual forums and Telegram channels.

Once he found his customers the threat actors get paid via electronic platforms like ‘Webmoney’ for conducting all these illegal operations and attacks. 

To get the money the hacker initially creates an account on Webmoney that has its actual address, and consequently, here the Ukrainian police get to know the exact location of the operator.

You can follow us on Linkedin, Twitter, Facebook for daily Cybersecurity and hacking news updates.