DataBreaches.Net

Menu
  • About
  • Breach Notification Laws
  • Privacy Policy
  • Transparency Report
Menu

Bugat Botnet Administrator Arrested and Malware Disabled

Posted on October 14, 2015 by Dissent

A sophisticated malware package designed to steal banking and other credentials from infected computers has been disrupted, and charges have been filed in the Western District of Pennsylvania against a Moldovan administrator of the botnet known as “Bugat,”  “Cridex” or “Dridex.”  Actions taken by the U.K. and the U.S. substantially disrupted the botnet.

Andrey Ghinkul, aka Andrei Ghincul and Smilex, 30, of Moldova, was charged in a nine-count indictment unsealed  in the Western District of Pennsylvania with criminal conspiracy, unauthorized computer access with intent to defraud, damaging a computer, wire fraud and bank fraud.  Ghinkul was arrested on Aug. 28, 2015 in Cyprus.  The United States is seeking his extradition.

“The steps announced today are another example of our global and innovative approach to combatting cybercrime,” said Assistant Attorney General Caldwell.  “Our relationships with counterparts all around the world are helping us go after both malicious hackers and their malware.  The Bugat/Dridex botnet, run by criminals in Moldova and elsewhere, harmed American citizens and entities.  With our partners here and overseas, we will shut down these cross-border criminal schemes.”

“Through a technical disruption and criminal indictment we have struck a blow to one of the most pernicious malware threats in the world,” said U.S. Attorney Hickton.

“Cyber criminals often reach across international borders, but this operation demonstrates our determination to shut them down no matter where they are,” said Executive Assistant Director Robert Anderson Jr. of the FBI’s Criminal, Cyber, Response and Services Branch.  “The criminal charges announced today would not have been possible without the cooperation of our partners in international law enforcement and private sector.  We continue to strengthen those relationships and find innovative ways to counter cyber criminals.”

According to the indictment, Ghinkul was part of a criminal conspiracy that disseminated Bugat, which is a multifunction malware package that automates the theft of confidential personal and financial information, such as online banking credentials, from infected computers through the use of keystroke logging and web injects.  It is generally distributed through “phishing,” an email fraud method where legitimate-looking emails are distributed to victims in an attempt to obtain personal or financial information.  Bugat is specifically designed to defeat antivirus and other protective measures employed by victims.  The FBI estimates at least $10 million in direct loss domestically can be attributed to Bugat.

The indictment alleges that Ghinkul and his co-conspirators used the malware to steal banking credentials and then, using the stolen credentials, to initiate fraudulent electronic funds transfers of millions of dollars from the victims’ bank accounts into the accounts of money mules, who further transferred the stolen funds to other members of the conspiracy.  Specifically, according to the indictment, on Dec. 16, 2011, Ghinkul and others allegedly attempted to cause the electronic transfer of $999,000 from the Sharon, Pennsylvania, City School District’s account at First National Bank to an account in Kiev, Ukraine, using account information obtained through a phishing email.  In addition, Ghinkul and others allegedly caused the international transfer on Aug. 31, 2012, of $2,158,600 from a Penneco Oil account at First Commonwealth Bank to an account in Krasnodar, Russia, and the international transfer on Sept. 4, 2012, of $1,350,000 from a Penneco Oil account at First Commonwealth Bank to an account in Minsk, Belarus.  Finally, the indictment alleges that on Sept. 4, 2012, Ghinkul attempted to cause the electronic transfer of $76,520 from a Penneco Oil account at First Commonwealth Bank to an account in Philadelphia.  In all three instances, the company’s account information was allegedly obtained through a phishing email sent to a Penneco Oil employee.

In addition to the criminal charges announced today, the United States obtained a civil injunction in the Western District of Pennsylvania authorizing the FBI to take measures to redirect automated requests by victim computers for additional instructions to substitute servers.

The charges and allegations contained in an indictment are merely accusations.  The defendant is presumed innocent until and unless proven guilty.

The investigation is being conducted by the FBI.  Other agencies and organizations partnering in this effort include: the Department of Homeland Security’s U.S.-Computer Emergency Readiness Team (US-CERT), the United Kingdom’s National Crime Agency, Europol’s EC3, German Bundeskriminalamt (BKA), Dell SecureWorks, Fox-IT, S21sec, Abuse.ch, the Shadowserver Foundation, Spamhaus and the Moldovan General Inspectorate of Police Centre for Combating Cyber Crime, the Prosecutor General’s Office Cyber Crimes Unit and the Ministry of Interior Forensics Unit.

The case is being prosecuted by Assistant U.S. Attorneys Mary McKeen Houghton and Margaret E. Picking of the Western District of Pennsylvania.  The civil action to disrupt the Bugat malware is led by Senior Trial Attorney Richard D. Green of the Computer Crime and Intellectual Property Section and Assistant U.S. Attorney Michael A. Comber of the Western District of Pennsylvania.  The Criminal Division’s Office of International Affairs provided significant assistance throughout the criminal and civil investigations.

Victims of Bugat/Dridex may use the following webpage created by US-CERT for assistance in removing the malware: https://www.us-cert.gov/dridex.

Related: Ghinkul Indictment

SOURCE: Department of Justice

Related posts:

  • Leader of International Malvertising and Ransomware Schemes Extradited from Poland to Face Cybercrime Charges
  • Two Iranian Men Indicted for Deploying Ransomware to Extort Hospitals, Municipalities, and Public Institutions, Causing Over $30 Million in Losses
  • Justice Department Announces Court-Authorized Disruption of Snake Malware Network Controlled by Russia’s Federal Security Service
  • Newly Unsealed Indictment Charges Ukrainian National with International Cybercrime Operation
Category: Malware

Post navigation

← Ca: Prosecutor says hospital clerk should go to jail
NM: Investigators still don’t know how Nusenda Credit Union members’ banking info obtained by alleged criminal →

Now more than ever

"Stand with Ukraine:" above raised hands. The illustration is in blue and yellow, the colors of Ukraine's flag.

Search

Browse by Categories

Recent Posts

  • Horizon Healthcare RCM discloses ransomware attack in December
  • Disgruntled IT Worker Jailed for Cyber Attack, Huddersfield
  • Hacker helped kill FBI sources, witnesses in El Chapo case, according to watchdog report
  • Texas Centers for Infectious Disease Associates Notifies Individuals of Data Breach in 2024
  • Battlefords Union Hospitals notifies patients of employee snooping in their records
  • Alert: Scattered Spider has added North American airline and transportation organizations to their target list
  • Northern Light Health patients affected by security incident at Compumedics; 10 healthcare entities affected
  • Privacy commissioner reviewing reported Ontario Health atHome data breach
  • CMS warns Medicare providers of fraud scheme
  • Ex-student charged with wave of cyber attacks on Sydney uni

No, You Can’t Buy a Post or an Interview

This site does not accept sponsored posts or link-back arrangements. Inquiries about either are ignored.

And despite what some trolls may try to claim: DataBreaches has never accepted even one dime to interview or report on anyone. Nor will DataBreaches ever pay anyone for data or to interview them.

Want to Get Our RSS Feed?

Grab it here:

https://databreaches.net/feed/

RSS Recent Posts on PogoWasRight.org

  • Supreme Court Decision on Age Verification Tramples Free Speech and Undermines Privacy
  • New Jersey Issues Draft Privacy Regulations: The New
  • Hacker helped kill FBI sources, witnesses in El Chapo case, according to watchdog report
  • Germany Wants Apple, Google to Remove DeepSeek From Their App Stores
  • Supreme Court upholds Texas law requiring age verification on porn sites
  • Justices nix Medicaid ‘right’ to choose doctor, defunding Planned Parenthood in South Carolina
  • European Commission publishes its plan to enable more effective law enforcement access to data

Have a News Tip?

Email: Tips[at]DataBreaches.net

Signal: +1 516-776-7756

Contact Me

Email: info[at]databreaches.net

Mastodon: Infosec.Exchange/@PogoWasRight

Signal: +1 516-776-7756

DMCA Concern: dmca[at]databreaches.net
© 2009 – 2025 DataBreaches.net and DataBreaches LLC. All rights reserved.