Russian Organization Hacked: Alleged Meduza Stealer Malware Admins Arrested

Russian Cyber Criminals Arrested in Moscow for Operating Meduza Stealer Malware

In a recent development, the Russian authorities have apprehended three individuals in Moscow suspected to be the masterminds behind the Meduza Stealer information-stealing malware.

The news was made public by Irina Volk, a police general and official from the Russian Ministry of Internal Affairs, through a statement on Telegram.

“A group of hackers responsible for creating the notorious ‘Meduza’ virus has been detained by the Department for Combating Cybercrime (UBK) of the Russian Ministry of Internal Affairs, in collaboration with law enforcement officers from the Astrakhan region,” Volk announced.

“Initial investigations have revealed that the perpetrators developed and started distributing the ‘Meduza’ software approximately two years ago through underground hacker forums,” the official disclosed.

Meduza operates as an infostealer, extracting account credentials, cryptocurrency wallet details, and other sensitive information stored in users’ web browsers.

The malware was circulated to cybercriminals under a malware-as-a-service model, granting access in exchange for a subscription fee.

Notably, Meduza emerged as one of the most sophisticated information stealers on the dark web market; since December 2023 it has been capable of reviving expired Chrome authentication cookies, a capability that facilitates account takeovers.

According to researcher ‘g0njxa’, who closely monitors the infostealer landscape, the same cybercriminal group was also behind Aurora Stealer, a malware-as-a-service platform that gained prominence in 2022.

Despite Russia’s historical leniency towards cybercrime within its borders, provided it doesn’t target Russian entities, Volk highlighted that some Meduza operators aimed at an institution in Astrakhan, southern Russia, in May, and pilfered confidential data from its servers.

This incident prompted the authorities to initiate a criminal case against the culprits under Part 2, Article 273 of the Russian Criminal Code for the “creation, use, and dissemination of malicious computer programs.”

The obtained intelligence assisted investigators in uncovering that the three detainees were also behind a botnet malware, capable of disabling security protocols on targeted systems.

In her concluding remarks, Volk mentioned that the authorities are actively pursuing the identification of all accomplices, hinting at forthcoming follow-up operations.
