Long-term investigations into bank hacks and sophisticated cyber crimes may be yielding results, as criminals behind the Dridex and Citadel malware may now be in police custody. A 30-year-old Moldovan man arrested in Cyprus in late August is a key figure in the gang behind Dridex, according to cybersecurity researcher Brian Krebs, and Norway’s VG News reports that a Russian national arrested in Norway is accused by US investigators of having developed Citadel.
The man in Cyprus was arrested for stealing over $3.5 million through computer fraud, according to local media. He will be held until hearings for extradition to the US begin in mid-October. Krebs points out in a blog post that Dridex was born out of an Eastern European cybercrime gang known as the Business Club, which is accused of stealing over $100 million from business and financial institutions around the world. The Business Club ran the large and sophisticated “Gameover ZeuS” botnet until the US Department of Justice and other agencies dismantled it in June 2014.
A Russian man under house arrest in Norway for nearly a year has been the subject of a tug-of-war between the US, which wants him extradited to face charges as the Citadel developer, and Russia, which says the evidence against its citizen is insufficient. The FBI and NCIS believe the man, identified only as “Mark” in the report, is known online as “Aquabox,” the malicious actor who sold Citadel as Malware-as-a-Service.
Another Russian man, Maxim Senakh, was arrested in August in Finland for malware use at the request of US federal authorities, RT reports.
Canadian web host White Falcon filed a lawsuit against police late last year for their seizure of hardware in 2013 as part of an investigation into Citadel. White Falcon is owned and operated by a Russian-born Canadian and hosted many .ru websites; reports at the time said that authorities believed Citadel was being operated from within Russia or Ukraine.