Citadel Botnet Author Pleads Guilty

A Russian national has pleaded guilty in a United States court to charges related to the development and distribution of the Citadel malware.

Mark Vartanyan, who has been going by the hacker name of “Kolypto,” was arrested in Norway and extradited to the United States in Dec. 2016. For his role in the development and maintenance of the Citadel malware, he is charged with one count of computer fraud.

Citadel is a well-known information-stealing malware designed with keylogging capabilities as a means to steal account credentials for online banking. The malware also recruited infected machines into botnets that were estimated in June 2013 to have been responsible for over half a billion dollars in financial fraud, affecting more than five million people in 90 countries.

The threat emerged soon after the source code for the Zeus malware appeared online. New variants of the malware were observed starting in late 2014, the most recent of them being Atmos, which was described about a year ago as Citadel’s polymorphic successor. This variant had more than 1,000 bots in April last year.

Starting in 2011, Citadel was offered for sale on invite-only Russian underground forums, and was used to target and exploit the networks of major financial and government institutions, U.S. Attorney John Horn said in a statement. The malware is estimated to have infected around 11 million computers worldwide.

Vartanyan is accused of being actively engaged in the “development, improvement, maintenance and distribution of Citadel” between August 21, 2012 and January 9, 2013, while living in Ukraine, and between April 9, 2014 and June 2, 2014, while living in Norway.

“During these periods, Vartanyan allegedly uploaded numerous electronic files that consisted of Citadel malware, components, updates and patches, as well as customer information, all with the intent of improving Citadel’s illicit functionality,” an announcement made last week by the Department of Justice reads.

Vartanyan was charged in a one-count Information with computer fraud and is pleading guilty, according to the plea agreement filed this week by the U.S. Attorney’s Office, Northern District of Georgia. The hacker faces up to 10 years in prison and a maximum fine of $250,000.

“This defendant’s alleged role in developing and improving “Citadel” for its use by cybercriminals caused a vast amount of financial harm to individuals and institutions around the world. His appearance in federal court today shows that cybercriminals cannot hide in the shadows of the Internet. We will identify them and bring them to justice wherever they operate,” U.S. Attorney Horn said.

Written By

Ionut Arghire is an international correspondent for SecurityWeek.
