A prominent Russian hacker was apprehended in Barcelona over the weekend, reportedly for orchestrating a significant computer botnet rather than being linked to last year’s U.S. presidential election hacking as initially suggested by Russian media outlets. The suspect, Peter Yuryevich Levashov, a 32-year-old computer programmer, is believed to have managed the Kelihos botnet—a global network encompassing over 100,000 compromised computers. This extensive network has been utilized since around 2010 for various malicious activities, including sending spam, stealing login credentials, and disseminating ransomware, as confirmed by the U.S. Justice Department.

Levashov, also known by the alias Peter Severa, gained notoriety for his alleged involvement in vast spamming operations, earning him a spot among the World’s Top 10 Worst Spammers, according to the anti-spam organization Spamhaus. His arrest comes on the heels of a months-long investigation by the FBI, which tracked Levashov’s movements leading them to Spain, a country without an extradition treaty with the United States.

Initially, it was speculated that Levashov had been detained due to his alleged connections to the 2016 U.S. election hacking activities, particularly related to the breach of the Democratic National Committee (DNC). However, the Justice Department’s communications clarifying Levashov’s arrest have made no mention of such links, emphasizing instead his connections to the Kelihos botnet. The FBI linked Levashov to this botnet as he utilized the same IP address for operating it and accessing his personal online accounts, including those associated with Apple iCloud and Google Gmail.

Levashov has been implicated in distributing hundreds of millions of spam emails annually and running pump-and-dump stock scams targeted at Microsoft Windows machines. Furthermore, he is alleged to have leveraged the Kelihos botnet to infect users’ systems with malware, ultimately gathering sensitive data such as online banking passwords from thousands of American citizens.

The emergence of botnets like Kelihos poses significant threats to the general public, affecting core facets of communication, commerce, and daily activities. As Acting Assistant Attorney General Blanco remarked, the ease with which such botnets can be repurposed for diverse malicious ends amplifies their danger. In collaboration with security firm CrowdStrike and the Shadowserver Foundation, the FBI carried out a "sinkhole" operation, redirecting the infected machines' command-and-control traffic to servers controlled by the authorities so that the criminals could no longer reach the compromised systems.
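Once a botnet's command-and-control addresses have been sinkholed, the sinkhole operator can see which networks still host infected machines, and a defender can run the same check against their own firewall or proxy logs: any internal host contacting a sinkhole address is a host that is still trying to beacon. The script below is an added example, not code from the article or from the FBI, CrowdStrike or Shadowserver operation it describes; the log line layout, the internal hosts and the sinkhole address list are all constructed for illustration.

```python
"""Find internal hosts that are still beaconing to sinkholed C2 addresses.

Constructed example: the firewall log lines and the sinkhole address list
below are made up. In practice the sinkhole addresses come from the sinkhole
operator's notifications, and the log format depends on the firewall.
"""
import ipaddress
import re
from collections import defaultdict

# Constructed: addresses an (assumed) sinkhole operator reported as theirs
# (documentation ranges, not real infrastructure).
SINKHOLE_ADDRS = {"192.0.2.10", "192.0.2.11", "198.51.100.7"}

# Constructed firewall log lines: "timestamp src dst proto dport action".
SAMPLE_LOG = """\
2017-04-10T08:01:12Z 10.0.5.23 192.0.2.10 tcp 80 allow
2017-04-10T08:01:40Z 10.0.5.23 203.0.113.9 tcp 443 allow
2017-04-10T08:02:03Z 10.0.7.41 192.0.2.11 tcp 443 allow
2017-04-10T08:02:55Z 10.0.5.23 192.0.2.10 tcp 80 allow
2017-04-10T08:03:10Z 10.0.9.2 198.51.100.7 udp 53 deny
2017-04-10T08:03:30Z 10.0.7.41 192.0.2.11 tcp 443 allow
"""

LINE_RE = re.compile(r"^(\S+) (\S+) (\S+) (\S+) (\d+) (\S+)$")


def parse_line(line):
    """Parse one log line into a dict, or return None for lines that do not fit the layout."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    ts, src, dst, proto, dport, action = m.groups()
    return {"ts": ts, "src": src, "dst": dst, "proto": proto,
            "dport": int(dport), "action": action}


def find_sinkhole_contacts(log_text, sinkhole_addrs):
    """Return {internal_host: [contact records]} for every private source
    address that reached a sinkhole address.

    Contacts are kept regardless of the firewall action: a denied attempt still
    shows the host is trying to beacon, which is the infection signal we want.
    """
    hits = defaultdict(list)
    for line in log_text.splitlines():
        rec = parse_line(line)
        if rec is None:
            continue
        if rec["dst"] in sinkhole_addrs and ipaddress.ip_address(rec["src"]).is_private:
            hits[rec["src"]].append(rec)
    return dict(hits)


def summarize(hits):
    """Collapse contacts into (host, count, first_seen, last_seen, sinkholes) rows,
    busiest host first, so the triage list starts with the noisiest machine."""
    rows = []
    for host, contacts in hits.items():
        stamps = sorted(c["ts"] for c in contacts)
        rows.append((host, len(contacts), stamps[0], stamps[-1],
                     sorted({c["dst"] for c in contacts})))
    rows.sort(key=lambda r: (-r[1], r[0]))
    return rows


if __name__ == "__main__":
    for host, n, first, last, dsts in summarize(find_sinkhole_contacts(SAMPLE_LOG, SINKHOLE_ADDRS)):
        print(f"{host}: {n} contact(s) to sinkhole {','.join(dsts)} between {first} and {last}")
```

The check deliberately counts denied connections as well as allowed ones: a blocked beacon means the firewall did its job, but the host behind it is still infected and needs cleaning, which is exactly what a sinkhole notification is meant to surface.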

Levashov faces multiple charges, including wire fraud and unauthorized interception of electronic communications, with the U.S. government presently seeking to extradite him for prosecution. This case underscores the ongoing risks associated with botnets and the importance of vigilance in cybersecurity.

As the landscape of cyber threats continues to evolve, understanding the tactics and techniques catalogued in the MITRE ATT&CK framework becomes essential for identifying and mitigating risks. In Levashov's case, techniques falling under the ATT&CK tactics of initial access, persistence, and privilege escalation may have been used to infiltrate systems and maintain control over the botnet. Business owners and cybersecurity professionals should remain informed and proactive, using insights from such incidents to bolster defenses against similar threats.
