The Creator of the Mariposa Botnet Got Arrested in Germany

Last updated June 23, 2021
Written by: Bill Toulas, Infosec Writer

According to a report by “KrebsOnSecurity”, a Slovenian man named Matjaž “Iserdo” Škorjanc has been arrested in Germany after his identity was matched to an international arrest warrant issued in the United States. The Slovenian is now expected to be extradited to the U.S., where he will stand trial on charges concerning the authoring of the Mariposa botnet. There, he will join three other people (an American, a Spaniard, and a Slovenian) who are accused of involvement in the Mariposa campaigns. The four individuals are also charged with founding the Darkode marketplace, which was taken down in 2015 and seized by the FBI and Europol.

The Mariposa botnet was first discovered in December 2018, and its activity lasted only 12 months. In that time, however, it managed to infect up to a million computers, turning them into DoS attack zombies, email spamming launch pads, PII stealing points, and more. The total damage done by Mariposa was estimated at “tens of millions of dollars”, making the botnet one of the worst the IT world has ever had to deal with. For this reason, a Slovenian court sentenced Škorjanc to four years and ten months in prison back in December 2013.

Source: krebsonsecurity.com

The man managed to find his way back into society and recently became the CTO of NiceHash, a tech company that enables users to sell computing resources to help others mine cryptocurrency. In December 2017, NiceHash reported that they had been hacked and that $52 million had disappeared as a result. Škorjanc’s past raised suspicions about this right away, but no concrete evidence pointed to him. At the same time, multiple media outlets found links to North Korean hacking groups, but the investigation is still ongoing.

There’s a crackdown going on in Germany right now: last week, the police raided an underground hosting service that allegedly supported child porn networks and darknet marketplaces. The arrest of Škorjanc is another hit on the cybercrime scene, regardless of whether the Slovenian was still active. The fact that the authorities managed to track down experienced and skilled hackers who know how to hide their tracks may be an indication that they have access to advanced backdoor-exploiting tools.
