A Russian man this week was sentenced to five years in prison for his involvement in the development and maintenance of the Citadel banking malware.
Known under the handle of “Kolypto,” Mark Vartanyan was arrested in Norway and extradited to the United States in December 2016. In March 2017, he pleaded guilty in court. Charged with one count of computer fraud, he will serve his sentence in federal prison.
The Citadel malware was designed to steal sensitive information, such as online banking login credentials, through its keylogging capabilities. It ensnared infected machines into botnets and affected millions of people globally. The malware was estimated in 2013 to have been responsible for over $500 million in financial fraud.
Based on the leaked source code of the Zeus banking Trojan, Citadel spawned numerous variants, the most recent of which is called Atmos and is said to be Citadel’s polymorphic successor. In April last year, Atmos had over 1,000 bots.
“Citadel caused vast amounts of harm to financial institutions and individuals around the world. Mark Vartanyan utilized his technical expertise to enable Citadel into becoming one of the most pernicious malware toolkits of its time, and for that, he will serve significant time in federal prison,” U.S. Attorney John Horn said.
Also capable of stealing personally identifiable information from victim computer networks, Citadel started being sold in 2011 on invite-only, Russian-language cybercriminal forums.
Citadel operators are said to have targeted and exploited the computer networks of major financial and government institutions worldwide, including financial institutions in the United States. The malware infected an estimated 11 million computers.
According to the information presented in court, Vartanyan was involved not only in the development and maintenance of Citadel, but also in the improvement and distribution of the malware. He engaged in such activities between on or about August 21, 2012 and January 9, 2013, while residing in Ukraine, and between on or about April 9, 2014 and June 2, 2014, while residing in Norway, the Department of Justice reveals.
“Malicious software and botnets are rarely created by a single individual. Cybercrime is an organized team effort involving sophisticated, talented, and tech savvy individuals. Today’s sentencing of Mr. Vartanyan […] both removes a key resource from the cyber underworld and serves as a strong deterrent to others who may be contributing to the development of botnets and malware. The threat posed by cyber criminals in the U.S. and abroad is ever increasing,” David J. LeValley, Special Agent in Charge, FBI Atlanta Field Office, said.