Google Wins Court Case Against Russians Linked to Glupteba Botnet

Google has won a lawsuit against two Russian nationals in connection with the operation of the Glupteba botnet. A year ago, the company disrupted the malware's Command-and-Control (C2) infrastructure and filed suit against Dmitry Starovikov and Alexander Filippov, who were alleged to have managed the botnet. The U.S. District Court for the Southern District of New York imposed monetary sanctions on the defendants and their U.S.-based attorneys and ordered the defendants to pay Google's legal fees; the defendants' own motion for sanctions against Google was denied. The two, together with 15 others named in the complaint, are accused of deploying the malware across a network of compromised devices to mine cryptocurrency, steal victims' financial and personal information, and serve disruptive advertisements. What set Glupteba apart from other botnets was its use of the Bitcoin blockchain as a fallback channel for locating its C2 servers, a design that survives the takedown of any individual server. According to Google, the botnet infected more than a million Windows systems worldwide. “The Glupteba malware […] instructs infected computers to look for the addresses of its C2 servers by referencing transactions associated with specific accounts on the Bitcoin blockchain,” the court stated.
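The following Python model is an added illustration of the dead-drop mechanism the court describes; it is not code from the article, from Google's filings, or from the malware. It serialises a minimal legacy Bitcoin transaction whose OP_RETURN output carries a payload, parses raw transactions back out to recover such payloads, and resolves the C2 hostname from the most recent transaction observed for a watched address. The transaction layout is standard Bitcoin; the XOR obfuscation key, the hostnames and the "newest transaction wins" rule are constructed assumptions, since the article does not describe Glupteba's actual payload encoding.

```python
"""Toy blockchain dead-drop C2 resolver (added example, constructed data).

A bot holding a watched address and a per-sample key scans that address's
transactions, pulls the OP_RETURN payload from the newest one and decodes it
into a C2 hostname. A defender with the same parser can read the same data.
"""
import struct

OP_RETURN = 0x6A
OP_PUSHDATA1 = 0x4C
# Hypothetical key an implant would embed; Glupteba's real encoding is not
# given in the article, so plain XOR stands in for it here.
XOR_KEY = b"glupteba-toy"


def encode_varint(n: int) -> bytes:
    """Bitcoin CompactSize encoding."""
    if n < 0xFD:
        return bytes([n])
    if n <= 0xFFFF:
        return b"\xfd" + struct.pack("<H", n)
    if n <= 0xFFFFFFFF:
        return b"\xfe" + struct.pack("<I", n)
    return b"\xff" + struct.pack("<Q", n)


def decode_varint(buf: bytes, pos: int):
    first = buf[pos]
    if first < 0xFD:
        return first, pos + 1
    if first == 0xFD:
        return struct.unpack_from("<H", buf, pos + 1)[0], pos + 3
    if first == 0xFE:
        return struct.unpack_from("<I", buf, pos + 1)[0], pos + 5
    return struct.unpack_from("<Q", buf, pos + 1)[0], pos + 9


def xor_bytes(data: bytes, key: bytes) -> bytes:
    return bytes(b ^ key[i % len(key)] for i, b in enumerate(data))


def op_return_script(payload: bytes) -> bytes:
    """OP_RETURN followed by a direct push (<=75 bytes) or OP_PUSHDATA1 (<=255)."""
    if len(payload) <= 75:
        return bytes([OP_RETURN, len(payload)]) + payload
    if len(payload) <= 255:
        return bytes([OP_RETURN, OP_PUSHDATA1, len(payload)]) + payload
    raise ValueError("payload too large for this toy")


def build_tx(outputs) -> bytes:
    """Serialise a legacy (non-segwit) transaction with one dummy input."""
    tx = struct.pack("<i", 1)                          # version
    tx += encode_varint(1)                             # input count
    tx += b"\x00" * 32 + struct.pack("<I", 0xFFFFFFFF)  # prevout (constructed)
    tx += encode_varint(0)                             # empty scriptSig
    tx += struct.pack("<I", 0xFFFFFFFF)                # sequence
    tx += encode_varint(len(outputs))
    for value_sats, script in outputs:
        tx += struct.pack("<q", value_sats) + encode_varint(len(script)) + script
    tx += struct.pack("<I", 0)                         # locktime
    return tx


def op_return_payloads(raw_tx: bytes):
    """Walk a raw legacy transaction and return every OP_RETURN datum."""
    pos = 4                                            # skip version
    n_in, pos = decode_varint(raw_tx, pos)
    for _ in range(n_in):
        pos += 36                                      # prev txid + vout index
        slen, pos = decode_varint(raw_tx, pos)
        pos += slen + 4                                # scriptSig + sequence
    n_out, pos = decode_varint(raw_tx, pos)
    payloads = []
    for _ in range(n_out):
        pos += 8                                       # value
        slen, pos = decode_varint(raw_tx, pos)
        script = raw_tx[pos:pos + slen]
        pos += slen
        if len(script) > 1 and script[0] == OP_RETURN:
            op = script[1]
            if 1 <= op <= 75:
                payloads.append(script[2:2 + op])
            elif op == OP_PUSHDATA1 and len(script) > 2:
                payloads.append(script[3:3 + script[2]])
    return payloads


def looks_like_host(s: str) -> bool:
    allowed = set("abcdefghijklmnopqrstuvwxyz0123456789.-")
    return "." in s and s.lower() == s and set(s) <= allowed


def resolve_c2(observed, key: bytes = XOR_KEY):
    """observed: [(block_height, raw_tx)] for a watched address; newest wins."""
    for _height, raw_tx in sorted(observed, key=lambda t: t[0], reverse=True):
        for payload in op_return_payloads(raw_tx):
            try:
                host = xor_bytes(payload, key).decode("ascii")
            except UnicodeDecodeError:
                continue
            if looks_like_host(host):
                return host
    return None


if __name__ == "__main__":
    # Constructed chain history: old address at height 100, replacement at 200.
    old = build_tx([(0, op_return_script(xor_bytes(b"c2-old.example", XOR_KEY)))])
    new = build_tx([(0, op_return_script(xor_bytes(b"c2-new.example", XOR_KEY)))])
    print(resolve_c2([(100, old), (200, new)]))       # c2-new.example
```

The point for both sides is the same: the blockchain is public and append-only, so the bot can always find a fresh C2 address that nobody can delete, but a defender running the same parser against the watched addresses sees every update the operators publish. Only whoever holds the private keys can append a new transaction, which is why control of those keys, not of any particular server, is what ultimately decides who steers the botnet.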

Analyst Notes

Starovikov and Filippov, who claim to have been software engineers at a company called Valtron LLC, were found by the court to have sought to mislead it and to have withheld discoverable information from Google. In a settlement proposal sent to Google, the two demanded $1 million each plus $110,000 in legal costs in exchange for the private keys to the Bitcoin addresses linked to the Glupteba botnet. Google rejected the offer and reported it to law enforcement. A week later, the defendants changed course and claimed that “they had no such information in their possession and that the Bitcoin accounts were owned by Valtron's CEO.” District Judge Denise L. Cote wrote: “It is now clear that the defendants appeared in this Court not to proceed in good faith to defend against Google's claims but with the intent to abuse the court system and discovery rules to reap a profit from Google.”