Connect with us

Hi, what are you looking for?

SecurityWeekSecurityWeek

Cybercrime

Notorious Cybercriminal Released From Prison

Earlier this month, Belarusian authorities released from prison Sergey Yarets, a notorious cybercriminal and co-developer of the Andromeda botnet.

Earlier this month, Belarusian authorities released from prison Sergey Yarets, a notorious cybercriminal and co-developer of the Andromeda botnet.

Yarets, who used the online moniker of Ar3s, was arrested in late November 2017, when Federal Bureau of Investigation (FBI) and law enforcement agencies in Europe dismantled the Andromeda botnet.

Also known as Gamarue or Wauchos, Andromeda has been around since 2011, its primary purpose being that of credential theft and malware distribution. Detected on over 1 million machines each month during the second half of 2017, the botnet had been associated with 80 malware families.

At the time of takedown, security researchers identified 464 distinct Andromeda botnets and 1,214 domains and IP addresses of command and control (C&C) servers. In January this year, ESET warned of difficult cleaning efforts for such a long-lived botnet and said Andromeda would die a slow death.

Despite Andromeda’s size (victims were identified in over 200 countries) and the considerable effort international law enforcement agencies and private organizations put into taking it down, Yarets was released on August 9, 2018.

When arrested, Yarets was charged for his involvement in the sale, maintenance, and use of Andromeda. A resident of Rechitsa, Gomel Region, Belarus, he was formerly a technical director at OJSC “Televid” Tele-Radio, threat intelligence provider Recorded Future reveals.

Opposition news agency Radio Svaboda, the only Belarusian media outlet to have reported the release, says that Yarets was ordered to pay $5,500 as retribution for the income made from the botnet, and that his apparent cooperation with the authorities was what led to his quick release.

Advertisement. Scroll to continue reading.

As per Radio Svaboda Belarus’ reporting, Yarets’s lawyer “elaborated that Yarets’s extraordinary knowledge should serve the country’s interests and that there was no evidence of damage done to Belarusian citizens or organizations because Yarets did not target member countries of the Commonwealth of Independent States,” Recorded Future notes.

Yarets apparently claimed that Andromeda was created by a “genius and alcoholic” developer, supposedly the Russian threat actor waahoo. Yarets claims he received the exclusive rights of the Andromeda Trojan in 2012.

Although waahoo apparently continued to be involved in the Trojan’s development until approximately 2015, Yarets was the only one responsible for Andromeda’s operation at the time of his arrest.

“The Belarusian investigators and judges most likely knew this but did not take it into account for unknown reasons,” Recorded Future notes.

“This case is an example of a selective approach toward the punishment of cybercriminals in ex-Soviet states, allowing them to avoid just punishment when states are interested in them, diminishing the importance and efficiency of international cooperation in this field,” the security firm concludes.

Related: Andromeda Botnet to Die Slow, Painful Death 

Related: Authorities Take Down Andromeda Botnet

Written By

Ionut Arghire is an international correspondent for SecurityWeek.

Click to comment

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

SecurityWeek’s Threat Detection and Incident Response Summit brings together security practitioners from around the world to share war stories on breaches, APT attacks and threat intelligence.

Register

Securityweek’s CISO Forum will address issues and challenges that are top of mind for today’s security leaders and what the future looks like as chief defenders of the enterprise.

Register

Expert Insights

Related Content

Cybercrime

The changing nature of what we still generally call ransomware will continue through 2023, driven by three primary conditions.

Cybercrime

Luxury retailer Neiman Marcus Group informed some customers last week that their online accounts had been breached by hackers.

Cybercrime

As it evolves, web3 will contain and increase all the security issues of web2 – and perhaps add a few more.

Cybercrime

A recently disclosed vBulletin vulnerability, which had a zero-day status for roughly two days last week, was exploited in a hacker attack targeting the...

Cybercrime

Satellite TV giant Dish Network confirmed that a recent outage was the result of a cyberattack and admitted that data was stolen.

Cybercrime

Zendesk is informing customers about a data breach that started with an SMS phishing campaign targeting the company’s employees.

Artificial Intelligence

The release of OpenAI’s ChatGPT in late 2022 has demonstrated the potential of AI for both good and bad.

Artificial Intelligence

The degree of danger that may be introduced when adversaries start to use AI as an effective weapon of attack rather than a tool...