Russian hacker pleads guilty over $500m Citadel malware

Russian hacker pleads guilty over $500m Citadel malware

A Russian hacker accused of helping to develop and maintain the notorious Citadel malware toolkit, which was used to steal more than $500 million from bank accounts, faces up to 10 years in a US prison after pleading guilty to computer fraud.

Having been extradited from Norway in December, this week Mark Vartanyan (who went by the online handle 'Kolypto') pleaded guilty in an Atlanta court. He will be sentenced in June.

According to US authorities, the Citadel toolkit first began circulating for sale on Russian language forums in 2011. Crooks bought the malware and used it to exploit the computer networks of financial and government institutions, including in the US.

Over the years, Citadel infected approximately 11 million computers worldwide and is responsible for over $500 million in losses, says the Department of Justice.

For two years from 2012, while living in Ukraine and then Norway, Vartanyan engaged in the "development, improvement, maintenance and distribution" of Citadel. During these periods, he allegedly uploaded numerous electronic files that consisted of Citadel malware, components, updates and patches, as well as customer information.

Vartanyan is the second defendant charged in connection with an ongoing investigation of the Citadel malware. In 2015, Dimitry Belorossov was sentenced to four years, six months in prison following his guilty plea for conspiring to commit computer fraud for distributing and installing the malware onto victim computers.

Separately, a Lithuanian man has been arrested over a phishing scheme that saw him allegedly trick two multinational internet companies into wiring over $100 million to bank accounts he controlled.

Evaldas Rimasauskas is accused by US authorities of posing as an Asian-based computer hardware manufacturer to get a "multinational technology company and a multinational online social media company" to wire him the money.

He tricked the firms by registering and incorporating a company in Latvia that had the same name as the Asian firm - which both victims did business with. He then opened bank accounts linked to his firm and sent emails to the victims pretending to be from the Asian firm, asking for payments to the bank accounts he controlled.

The scam went on for at least two years before Rimasauskas was arrested last week in Lithuania. He has been charged by the US with one count of wire fraud and three counts of money laundering, each of which carries a maximum sentence of 20 years in prison, and one count of aggravated identity theft.

New research from security firm Proofpoint suggests that business email compromise attacks are on the rise, up 45% in the last three months of 2016, with manufacturing, retail and technology the sectors most targeted.

"Seventy-five percent of our customers were hit with at least one attempted BEC attack in the last three months of 2016 — and it only takes one to cause significant damage," says Ryan Kalember, SVP, cybersecurity strategy, Proofpoint.

Comments: (0)