The U.S. Department of State has announced a reward of up to $2.5 million for information leading to the arrest and/or conviction of Volodymyr Iuriyovych Kadariya, a Belarusian national involved in a major cybercrime operation. Kadariya is accused of participating in a significant malware distribution scheme that spanned nearly a decade, from October 2013 to March 2022.
Kadariya is linked to the distribution of the Angler Exploit Kit (AEK), a tool used by cybercriminals to deliver malware to millions of unsuspecting users through deceptive online advertisements, a technique known as “malvertising.” These ads often redirected users to malicious sites or servers designed to infect their devices or steal sensitive information. The malware delivered through these campaigns caused extensive financial losses and compromised numerous electronic devices globally.
What is AEK?
The Angler Exploit Kit was one of the most notorious and widely used exploit kits in the mid-2010s. Exploit kits are automated tools used by cybercriminals to scan for vulnerabilities in a victim’s system and deliver malicious payloads, such as ransomware, trojans, or other forms of malware.
Key Features of Angler Exploit Kit:
- Delivery Mechanism: Angler typically spread through compromised websites, malvertising (malicious advertisements), and phishing emails. When a user visited a compromised website or clicked on a malicious ad, Angler would silently probe the visitor’s system for vulnerabilities.
- Exploits Used: Angler targeted a wide range of vulnerabilities, especially in widely used software like Adobe Flash, Java, Microsoft Silverlight, and Internet Explorer. It was constantly updated to include new exploits, often integrating zero-day vulnerabilities.
- Sophisticated Evasion Techniques: Angler was known for its advanced evasion capabilities, making it difficult for security software to detect. It employed techniques like fileless attacks (where the malware executes directly in memory without leaving traces on the disk), encrypted communications, and sophisticated obfuscation methods.
- Payloads: The primary goal of Angler was to deliver malware. It was used to distribute various types of malicious software, including ransomware (like CryptoWall), banking trojans, and keyloggers. The specific payload would depend on the campaign and the targeted victim.
- Customization and Automation: Angler was highly automated, allowing cybercriminals to launch large-scale campaigns with minimal effort. It also offered customization options, enabling attackers to choose specific vulnerabilities to exploit and payloads to deliver.
Decline and Shutdown:
- Law Enforcement Action: In mid-2016, law enforcement agencies, particularly in Russia, took significant actions against the operators of the Angler Exploit Kit. This led to a noticeable decrease in its activity and eventual disappearance from the threat landscape.
- Emergence of Alternatives: After the shutdown of Angler, other exploit kits like Neutrino and Rig attempted to fill the gap, but none matched Angler’s level of sophistication and widespread use.
Impact:
- Angler was responsible for a significant amount of malware distribution during its peak. It played a major role in the proliferation of ransomware and other malware, causing extensive financial damage to businesses and individuals.
In June 2023, Kadariya was indicted by a federal grand jury in New Jersey on charges including conspiracy to commit wire fraud and computer fraud. The indictment outlines his involvement in various schemes that not only distributed malware but also tricked victims into downloading harmful software or revealing personal and financial information through fake security alerts—commonly referred to as “scareware.”
This reward offer is part of the U.S. government’s efforts to combat transnational organized crime, particularly in the cyber realm, and reflects the significant threat posed by such criminal activities to both U.S. and global cybersecurity.
If you have information about Kadariya, the U.S. government encourages you to contact the U.S. Secret Service or your nearest U.S. Embassy or Consulate (Secret Service, PublicNow).