Cybercrime with Angler exploit kit: gang leader goes on trial in the USA

The cyber criminals behind the Angler exploit kit have been wanted for almost 10 years. Now the leader of the gang is being tried in the USA.


Maksim S. is arrested in Spain

(Image: NCA UK)

By Frank Schräer

Using the Angler exploit kit, cybercriminals have abused computers and mobile devices for malvertising and ransomware extortion for many years. Now the leader of this gang is facing charges in the USA after being arrested in Spain last year and extradited from Poland to the United States. He is facing a long prison sentence for wire fraud and computer fraud as well as identity theft.

Maksim S., who has dual citizenship of Belarus and Ukraine, is accused of operating two different cybercrime schemes over several years. He used online nicknames such as "J.P. Morgan", "xxx" and "lansky". Together with Volodymyr K., also with Belarusian and Ukrainian citizenship, and Andrej T. from Russia, Maksim S. is said to have used the Angler exploit kit from October 2013 to at least March 2022 to distribute malware through online advertisements (malvertising) and to have sold data captured from victims on the darknet. However, Volodymyr K. and Andrej T. have not yet been caught.

The Angler exploit kit has made numerous headlines over the last decade. By way of this exploit kit, websites such as AOL, BBC and MSN distributed ransomware as part of a malvertising campaign. Manipulated advertisements infected tens of thousands of visitors with file-encrypting Trojans. In addition, the Angler exploit kit distributed Android Trojans and blackmailed victims with child pornography. The perpetrators made millions from the ransomware distributed with the exploit kit.

The advertisements appeared legitimate, but allegedly directed unsuspecting users to websites that used the Angler exploit kit to load malware onto users' devices or to request user data. For example, users were falsely warned about virus infections. The defendants offered the captured data for sale on Russian cybercrime forums, for use in blackmailing the victims or gaining further access to accounts or devices. This indictment is pending before the District Court in New Jersey (case number 2013R01333/AMT/AAH/LKB/CG).

In addition, Maksim S. is charged in the Eastern District of Virginia with conspiracy to commit offenses against the United States (Case No. 1:23-CR-108). He is alleged to be the founder and administrator of the ransomware gang "Ransom Cartel", which was set up in May 2021. The gang is alleged to have carried out a ransomware attack on a New York company in November 2021 and to have installed ransomware at a company in California in March 2022. The attackers are alleged to have removed confidential data without consent and demanded extortion payments in exchange for not publishing the victims' data.

The defendants are presumed innocent, but Maksim S. faces up to 20 years in prison if convicted in Virginia for conspiracy to commit computer fraud and abuse and wire fraud. He faces a minimum of two years in prison for aggravated identity theft. In New Jersey, it's up to 10 years for computer fraud, a maximum of 27 years for conspiracy to commit wire fraud and up to 20 years for each count of wire fraud. This also applies to Volodymyr K. and Andrej T., who are still on the run.

The FBI and the US Secret Service cooperated with international police authorities in the investigation, writes the US Department of Justice. In addition to the Guardia Civil of Spain, which arrested Maksim S. in an apartment in Estepona in southern Spain, these include the German Federal Criminal Police Office (BKA) and the Berlin State Criminal Police Office (LKA). The UK's National Crime Agency even published a picture and a video of the arrest of the main defendant.

(fds)


This article was originally published in German. It was translated with technical assistance and editorially reviewed before publication.