Extensive and coordinated cyber operations by multiple international organizations, from both the government and private sectors, have successfully taken down one of the most formidable cyber entities to date: the Andromeda botnet.
Andromeda (also known as Gamarue or Wauchos) is the name given to a botnet of computers infected with malware. The botnet emerged in 2011 and continued to grow to a massive size in recent years. Andromeda’s operator used the botnet to send spam that infected new users, keeping the botnet alive, and also to deliver second-stage malware to already infected users. This tactic allowed the Andromeda owner to make a profit by renting the botnet to other crooks. Andromeda has already delivered eighty (80) different malware families. According to Microsoft, an average of one million computers per month are infected with the Andromeda malware.
After joint cyber operations from the end of November to early December 2017, with the participation of international government agencies such as Europol, Eurojust, Interpol, the FBI, the US DoJ, the UK NCA, and many national crime-fighting agencies, as well as private companies such as ICANN, Symantec, the Shadowserver Foundation, Registrar of Last Resort and others, Andromeda and Avalanche have been taken down for good.
One year ago, the Avalanche malware distribution network was taken down. According to Europol and the Shadowserver Foundation, authorities deliberately left any mention of Andromeda being hosted on the Avalanche network out of last year’s media releases, in order to keep the botnet under surveillance and gather the information needed for a proper takedown operation.
The authorities were able to arrest an individual named Belarus, who is suspected of being the creator of Andromeda, and were also able to seize Andromeda’s seven main command-and-control (C&C) servers and 1,500 domain names.
Different international law enforcement agencies and private companies working as one to perform coordinated cyber operations is a huge leap towards global cyber security. Beyond the entities that have already participated, other countries should encourage their own cyber-security agencies to aid in international cyber pursuits and operations. Making the international community more secure in cyberspace would in turn lead to more secure national infrastructure.