Mathew J. Schwartz reports:
Russian police arrested “three young IT specialists” suspected of developing and selling the Meduza credential-harvesting malware.
Authorities from the Ministry of Internal Affairs of Russia, together with police investigators, charged the men with developing and supplying the information-stealing malware, and tied it to an attack that breached and stole data from a government institution in the country’s southern Astrakhan region in May, said a ministry spokeswoman in a Russian-language post to Telegram.
Police arrested all of the suspects in or around Moscow and seized computing equipment, communication devices and payment cards. Authorities didn’t specify the suspects’ identities or dates of arrest, or under what terms they may have been bailed. They accused the men of gaining unauthorized access to data of “one of the institutions in the Astrakhan region,” referring to a Russian province bordering the Caspian Sea.
Read more at Bank Info Security