article featured image


As my colleague Cezarina explained in a previous article, a botnet is a network of infected computers or other internet-connected devices, that communicate with each other in order to perform the same malicious actions. Such actions can range from launching spam campaigns to distributed denial-of-service attacks.

The network can be controlled remotely by online criminals to serve their interests and, at the same time, this allows the hackers to avoid detection or legal actions by law agencies.

What Happened?

The threat actor was apprehended at his Prykarpattia residence, where he was reportedly utilizing the botnet to launch DDoS assaults or support other criminal behavior for his clients.

Brute-forcing login passwords on websites, spamming activities, and penetration testing on remote devices to find and exploit vulnerabilities were all part of this activity.

According to a statement provided by SSU, the hacker wasn’t only utilizing his botnet’s sheer force to bring down websites. Instead, he conducted reconnaissance and penetration testing on the target websites in order to find and exploit weaknesses.

Ukrainian SSU states the fact that hackers found customers on private forums and Telegram channels.

Apparently, he was paid through the electronic platform ‘Webmoney’, a payment platform that is subject to sanctions in Ukraine.

The Security Service of Ukraine has exposed a hacker who created and administered a powerful botnet – an automated network of more than 100,000 fake accounts. Through it, he carried out DDoS and spam attacks, detected vulnerabilities in websites and hacked them.

As the SBU cyber specialists managed to establish, the attacker turned out to be a resident of Ivano-Frankivsk region. In addition to cyberattacks and hacking, he picked up passwords for e-mail boxes on remote platforms, the so-called “brute force”.

He found customers on closed forums and in Telegram chats, and made payments to “customers” through electronic payment systems banned in Ukraine.

At the same time, according to the investigation, the Prykarpattia resident is a representative of the Russian electronic system of instant payments Webmoney, which is subject to the sanctions of the National Security and Defense Council.

He produced and issued to users certificates of the sanctioned payment system, which are used for transactions.

During the searches carried out at the addresses of registration and actual residence of the malefactor, computer equipment with evidence of illegal activity was seized.

Currently, the botnet organizer is preparing a report of suspicion under Part 2 of Art. 361-1 (creation for the purpose of use, distribution or sale of malicious software or hardware, as well as their distribution or sale) and Art. 363-1 (interference with the work of electronic computers (computers), automated systems, computer networks or telecommunication networks by mass dissemination of telecommunication messages) of the Criminal Code of Ukraine.

Detection and documentation of the offense was carried out by the SBU in Ivano-Frankivsk region together with the Department of Cybercrime in Ivano-Frankivsk region of the Cyberpolice Department of the National Police of Ukraine, the Main Directorate of the National Police in Ivano-Frankivsk region under the procedural guidance of Kolomyia District Prosecutor’s Office.


As BleepingComputer pointed out, the actor set up a Webmoney account with his true address, allowing Ukrainian authorities to track him down. Law authorities confiscated the botnet-controlling computer equipment from the residence, in this way shutting down the criminal activity.

The accusations that the malicious actor is facing might result in harsh consequences, such as years in jail, but the authorities must first thoroughly examine the data contained in the confiscated systems in order to ascertain the entire nature of the hacker’s actions.

This arrest is part of a global law enforcement effort to thwart DDoS assaults that can have far-reaching consequences for businesses and infrastructure.

How to Stay Safe

Protect yourself from DDoS attacks with Heimdal Threat Prevention, the solution that allows you to easily leverage a Host-Based Intrusion Prevention System (HIPS), augmented by a highly intelligent threat detection technology powered by AI.

The innovative AI will detect and block the infected domains, allowing you to enjoy peace of mind when thinking about your business ecosystem.

Author Profile

Dora Tudor

Cyber Security Enthusiast

linkedin icon

Dora is a digital marketing specialist within Heimdal™ Security. She is a content creator at heart - always curious about technology and passionate about finding out everything there is to know about cybersecurity.

Leave a Reply

Your email address will not be published. Required fields are marked *

Protect your business by doing more with less

Book a Demo