04 December 2017, 17:08

Belarusian member of international cybercrime group cooperates with investigators

MINSK, 4 December (BelTA) – The member of the international cybercrime group Andromeda who was apprehended by the Investigative Committee of Belarus in association with the FBI is cooperating with investigators, has given a confession, and is describing in detail how he acquired money, BelTA learned from Alexander Mokhnach, a senior investigator with the Central Investigation Office of the Investigative Committee of Belarus.

The exploit kit was acquired by people who intended to upload other kinds of malicious programs onto other people's computers. “Anything at all could be uploaded to the infected computers after that,” explained Alexander Mokhnach.

The official remarked that a huge amount of information about potential victims had been acquired. A lot of thorough work will have to be done to sieve through the data.

Belarusian investigators have been told via diplomatic channels that concrete crimes had been committed using the Andromeda exploit kit. The report will be looked into. The victims are in foreign countries, including, for instance, the USA.

Belarusian investigators have obtained a large amount of data, including correspondence between the apprehended suspect and other criminals, who had used the exploit kit. “Every episode will be evaluated by the investigation team to present the final charges. If more episodes are discovered, they will be evaluated from the legal point of view, too,” said Alexander Mokhnach.

BelTA reported earlier that the Investigative Committee of Belarus, the K Department of the Belarusian Interior Ministry, and the FBI have shut down an international cybercrime group, which specialized in coding and disseminating malicious software. A Belarusian citizen was part of the group.

The Investigative Committee of Belarus had previously received a tip saying that a Belarusian citizen was part of an international forum of cyber criminals and was selling malicious software. The citizen was also an administrator at a forum where the organization of high-tech crimes was discussed.

Thanks to joint actions, the man's identity was established. It turned out that he was born in 1983 and resided in Gomel Oblast, Belarus. After that, officers of the US Federal Bureau of Investigation (FBI) bought malware from the Belarusian. The malware's source code was examined by information security specialists, who concluded it was harmful. The investigation also revealed that the man had helped his online contacts buy and update malware and had provided technical support services. He received $500 per sale and $10 per malware update. The number of crime episodes and the revenues are being ascertained.

A global operation was staged in late November 2017. As a result of investigative actions malware sellers, server owners, and malware users were detected. The operation began with the arrest of the Belarusian citizen in Gomel Oblast. After searching the suspect's computer equipment the investigators and officers of the K Department of the Belarusian Interior Ministry found direct evidence to confirm that the suspect had committed crimes and had been part of the international cybercrime group.

The man has been detained. His hard drives, other data media, and data from digital wallets are being examined by the investigators.

According to representatives of the Investigative Committee of Belarus, the malware is a Trojan virus, which downloads other kinds of malware to the infected computer. In turn, the downloaded components allow recording the infected computer user's actions, information about the websites the user browses, and saved login names and passwords. The malware also allows using the infected computer to stage DDoS attacks and other illegal actions.
