The U.S. Department of State has announced a reward of up to $2.5 million for information leading to Volodymyr Kadariya’s arrest and/or conviction.
Kadariya is allegedly a key figure in a major malware organization responsible for developing and distributing the Angler Exploit Kit (AEK), a sophisticated tool used by cybercriminals to deliver malware to unsuspecting users worldwide.
The Charges Against Kadariya
Volodymyr Kadariya has been indicted in the District of New Jersey on multiple charges, including conspiracy to commit wire fraud, conspiracy to commit computer fraud, and two counts of substantive wire fraud.
The charges stem from his alleged involvement in a scheme to distribute the Angler Exploit Kit and other malware through online advertisements, known as “malvertising,” from October 2013 through March 2022.
This exploit kit was a leading vehicle for cybercriminals to deliver malware onto compromised devices, affecting millions of internet users globally.
The Angler Exploit Kit is recognized as one of the most sophisticated exploit kits in the world. It first appeared in late 2013 and has since evolved, incorporating advanced evasion features to bypass security defenses.
The kit uses techniques such as 302 cushioning and domain shadowing to evade detection and checks for antivirus software and virtualized environments before executing exploits.
One of its notable features is “fileless infection,” which allows it to infect a victim’s system without writing malware to the hard drive. The Angler Exploit Kit has exploited zero-day vulnerabilities associated with the infamous “Hacking Team” vulnerabilities (CVE-2015-5119, CVE-2015-5122).
Are You From SOC/DFIR Teams? - Try Advanced Malware and Phishing Analysis With ANY.RUN -14-day free trial
Its ability to continually add new IP addresses, domains, and subdomains for hosting exploits makes it a formidable challenge for cybersecurity professionals.
How the Angler Exploit Kit Operates
The Angler Exploit Kit begins its attack by compromising legitimate websites, redirecting visitors to its landing pages through various methods, including HTML iframes and 302 cushioning.
These landing pages are designed to be highly obfuscated, using techniques such as plain English text, obfuscated JavaScript code, deobfuscation functions, encrypted URLs, and exploit paths. This complexity makes it difficult for security researchers to detect and analyze the kit’s activities.
The kit also performs environment checks, looking for specific antivirus products and virtual machine indicators to avoid detection.
Once these checks are passed, the kit proceeds to decrypt URLs and download the malware payload. The payload is often encrypted and encoded to evade detection further.
The Global Effort to Capture Kadariya
The U.S. Department of State’s reward offer underscores the international effort to combat cybercrime. Individuals with information about Kadariya’s whereabouts must contact the U.S. Secret Service at [email protected].
Those located outside the United States can contact the nearest U.S. Embassy or Consulate. The Angler Exploit Kit’s impact on global cybersecurity cannot be overstated.
Its ability to adapt and evade detection has made it a preferred tool for cybercriminals, contributing to the proliferation of malware attacks worldwide.
The arrest and conviction of Volodymyr Kadariya would be a significant victory in the fight against cybercrime, potentially disrupting the operations of one of the most dangerous malware organizations.
The offer of a $2.5 million reward reflects the seriousness with which the U.S. government views this threat. As cybersecurity threats evolve, international cooperation and vigilance remain crucial in protecting individuals and organizations from cybercriminal activities.
Protect Your Business with Cynet Managed All-in-One Cybersecurity Platform – Try Free Trial