Last April, the U.S. Justice Department was finally able to report that a suspect had been arrested in the Kelihos botnet case. Peter Yuryevich Levashov, a Russian citizen who allegedly ran the Kelihos botnet since at least 2010, was arrested in Spain while apparently on vacation with his family.
Russian state media service Russia Today reported that Levashov was suspected of being involved in the hacking attacks related to the 2016 U.S. election, which U.S. intelligence agencies concluded were masterminded by the Russian government in order to help Donald Trump win the election. Russia used non-state intermediaries to handle hacked information in order to provide some distance from state officials.
However, at the time, a U.S. Justice Department official told reporters that past indictments against Levashov, and the April action against Kelihos, were unrelated to election hacking. The official said that the botnet had been a source of criminal activity targeting computers worldwide for over six years. It was involved not only in DDoS attacks, but also in injecting various forms of malware into computer systems, password theft and pump-and-dump schemes.
The U.S. was able to obtain court orders in order to neutralize the Kelihos botnet by putting into place substitute servers and blocking commands sent from its C&C center.
At its height, the Kelihos botnet had infected approximately 60,000 computers and other devices worldwide. In addition to driving spam and running malware-rigged email phishing campaigns, Levashov has been linked to click-fraud and DDoS attacks. He was previously indicted in 2009 for operating the Storm botnet. Prosecutors have been pursuing him for over a decade. According to The SpamHaus Project, Levashov is one of the ten worst spammers in the world.
Last week, Levashov was extradited from Spain to the U.S. He stands accused of wire fraud, identity theft and conspiracy. He now awaits federal charges in Connecticut. Russia had filed a competing extradition request, but the Spanish National Court approved the U.S.’s extradition request in October 2017, rebuffing Russia. At that hearing, Levashov claimed to be a military officer working for Russia’s opposition parties, including United Russia. Its press office said that the claim was “nonsense” and that he was unknown to the political party.
The extradition “demonstrates the department’s steadfast commitment to working with our international law enforcement partners to identify cybercriminals and hold them accountable for their conduct,” Acting Assistant Attorney General John Cronan said in a statement.