Russian-Moldovan National Admits to Infecting 23,000 Devices with Botnet Malware

Опубликовано: 16 Ноябрь 2023

Cybercrime Data LockA Russian and Moldovan national pleaded guilty to developing a hacking software that networked tens of thousands of infected computers together and allowing them access to paying cybercriminals. (Photo: Blogtrepreneur, Flickr, License)

A Russian and Moldovan national pleaded guilty Tuesday to developing a malicious botnet hacking tool and unleashing it upon tens of thousands of internet users around the world, allowing him to sell access to his victims’ computers to other cybercriminals.

Sergei Makinin pleaded guilty to multiple counts of disseminating harmful software that allowed him and his clientele to control compromised devices as part of a for-profit criminal scheme, through which he earned roughly US$550,000.

Dubbed the IPStorm malware, the program functioned as a botnet, which groups infected devices together and uses their connections to uninfected devices as a way to exponentially expand and proliferate the network under the malicious actor’s control.

In this case, that actor was Makinin. His botnet’s infrastructure initially targeted Windows systems, but those computers subsequently connected with and infected devices operating with Linux, Mac, and Android devices around the world.

Court documents show that IPStorm was active between June 2019 and December 2022. Unauthorized access to the malware’s ever-growing web of infected devices could be purchased through Makinin’s for-profit websites, and, authorities said.

Purchasing a device’s access key would grant cybercriminals the ability to conduct illicit online activity whilst hiding their tracks, since the acts were carried out on different computers.

Typically, criminals use captured computers to lock users out of their own systems until they pay a ransom, usually in the form of crypto. Or, users’ data can be encrypted and lost for good, or the cybercriminals use services like IPStorm to conduct phishing attacks on users and their larger networks.

“In present times, much criminal activity is conducted or enabled through cybernetic means. Cybercriminals seek to remain anonymous and derive a sense of security because they hide behind keyboards, often thousands of miles away from their victims,” said Joseph González, Special Agent in Charge of the FBI’s San Juan Field Office.

Investigators said that a single customer would pay hundreds of dollars a month to take advantage of Makinin’s botnet. At its peak, Makinin himself advertised on his sites that he had more than 23,000 “highly anonymous” proxies around the world.

By his own admission, this business model allowed him to rake in more than half a million dollars. As part of his plea agreement, he agreed to forfeit the cryptocurrency wallets he used to store his ill-gotten gains.

The case to dismantle the botnet’s network involved the combined work of FBI cyber teams, the DOJ’s Computer Crime and Intellectual Property Section, and the U.S. Attorney’s Office for the District of Puerto Rico.

Authorities highlighted that the scope of the investigation was limited to disabling Makinin’s criminal cyberinfrastructure and that it did not extend to accessing any information on his victims’ devices at home.

Each count of disseminating the IPStorm malware carries with it a statutory maximum of 10 years in prison. Makinin’s exact sentence, however, is yet to be determined.