Cybersecurity News that Matters

US offers $2.5M reward for information on Belarusian hacker behind massive malware operation

Illustration by Areum Hwang, The Readable

by Minkyung Shin

Aug. 30, 2024
10:29 PM GMT+9

The United States has identified the hacker responsible for distributing malware to millions of computers over the past decade. The suspect, Belarusian national Volodymyr Kadariya, is now the target of a $2.5 million reward offered by authorities for information leading to his arrest.

On Monday, the U.S. Department of State and the U.S. Secret Service jointly released a wanted poster seeking information on 39-year-old Belarusian hacker Volodymyr Kadariya. According to the Department of State, Kadariya is allegedly involved in a major malware operation.

Kadariya was indicted on June 14, 2023, in the District of New Jersey, alongside Maksim Silnikau, 38, and Andrei Tarasov, 33, who are accused of taking part in the same malware scheme. The three face charges of wire fraud, conspiracy to commit computer fraud, and two counts of substantive wire fraud.

According to the Department of State, the hackers distributed a type of malware known as the “Angler Exploit Kit,” which infects victims’ devices by exploiting vulnerabilities in outdated software like Internet Explorer and Adobe Flash. Between October 2013 and March 2022, Kadariya and his accomplices used a technique called “malvertising” to deliver the malware, embedding malicious links in what appeared to be legitimate advertising websites. This approach led to millions of computers being infected. The hackers allegedly sold the stolen data from these infected devices to other cybercriminals on the dark web.

The indictment from the District of New Jersey states that Kadariya played a crucial role in the operation by facilitating the distribution of malware and ransomware, managing the technical aspects, and overseeing the infrastructure used in the attacks. Tarasov was responsible for developing and deploying the malware through seemingly legitimate advertisements, while Silnikau is alleged to have led the overall distribution efforts.

Meanwhile, Maksim Silnikau was also indicted by the Eastern District of Virginia on June 15, 2023. He allegedly used online aliases such as “J.P. Morgan,” “xxx,” and “lansky” to carry out his activities. Silnikau has been active in Russian-speaking cybercrime forums since at least 2005 and was a member of the notorious cybercrime website “Direct Connection.”

“They hid behind online aliases and carried out complex, far-reaching cyber fraud schemes to compromise victims’ devices and steal sensitive personal information. The Federal Bureau of Investigation will continue to work with its partners to aggressively impose consequences on cybercriminals and hold them accountable for their actions,” said FBI Deputy Director Paul Abbate.
