Something shocking and bizarre to the Cyber Security community has occurred. Russia has arrested a malware author, to give some context to this. Russia is normally very soft with hackers and rarely takes action against them.
The Russian Ministry of Internal Affairs states the suspect is a 20-year-old from the region of North Ossetia-Alania. They have been onto him since 2017 as they suspected he made several malware strains which later infected around 2,100 computers in Russia. The suspect also had help while operating his malware. It is believed he had six other accomplices to help distribute the malware which helped the group to earn about 4.3 million rubles which are around $55,000 USD.
Though Russian authorities haven't given too much info on the suspect other security researchers have. A malware analyst from CSIS Security Group, Benoit Ancel has twitted that they and other security groups have been tracking the suspect under the nickname of "1ms0rry."
Benoit Ancel back in 2018 worked with a team to see what 1ms0rry was capable of and their loadout:
1ms0rry-Miner: A trojan when installed on a system, starts covertly mining cryptocurrency for its author.
N0f1l3: Info-stealer trojan that can extract and steal data from infected computers. Capabilities steal browser passwords, cryptocurrency wallet configuration files, Filezilla FTP credentials, and specific files stored on a user's desktop a real nasty trojan.
LoaderBot: A trojan that can be used to infect victims in a first stage and then deploy other malware on-demand during a second stage which has gained a foothold on the infected system.
Benoit Ancel said 1ms0rry sold his malware strains on Russian-speaking hacker forums and that some of his creations were also eventually used to create even more powerful malware strains, such as Bumblebee (based on the 1ms0rry-Miner), FelixHTTP (based on N0f1l3), and EnlightenedHTTP and the highly popular Evrial (which shared some code with 1ms0rry's creations).
The security team's work in 2018 also exposed 1ms0rry's identity. Being a talented young programmer from the city of Vladikavkaz, who at one point even received praise from local authorities for his involvement in the cyber-security field. Unfortunately, he messed up this time. Allowing his malware to target Russian citizens in which Russia does not accept.
Russia has always ignored cybercrime as long these cybercriminals do no target Russians and Russian businesses. Even when US authorities have tried numerous times to get the Russian government to act.
Today, all major Russian-speaking hacking forums and black-market sites make it very clear in their rules that members are forbidden from attacking users in the former Soviet space, knowing that by not attacking Russian citizens, they will be left alone to operate undisturbed. Which is a safe haven for them, hence why many malware strains have been coded to avoid affecting Russian users. Yet 1ms0rry is now seeing as to why these rules are in place.
