A Russian cyber-criminal has been sentenced to five years behind bars in the United States for his part in developing the Citadel information-stealing malware.
Mark Vartanyan, also known by his online moniker “Kolypto”, was sentenced yesterday by a US District Court in Atlanta.
Vartanyan spent two years in Norwegian custody before being extradited to the US in December last year, a fact apparently taken into account when sentencing was set.
He was then charged in March 2017 with one count of computer fraud.
At the time, US attorney, John Horn, claimed that Vartanyan “developed and improved” the malware toolkit for cyber-criminals around the world.
Citadel is said to have first appeared on invite-only Russian language darknet forums in around 2011.
It targeted financial and government organizations, including several in the US, infecting in the region of 11 million computers around the globe and causing losses of over $500m in the process.
Back in 2012 it even rose to surpass the prolific Zeus banking trojan as among the most dangerous financial info-stealing malware around.
Citadel went through several iterations over the years, with new functionality added all the time to enhance its capabilities and ensure it remained a constant threat to banks and their customers.
A Department of Justice news release back in March had the following:
“Between on or about August 21, 2012 and January 9, 2013, while residing in Ukraine, and again between on or about April 9, 2014 and June 2, 2014, while residing in Norway, Vartanyan allegedly engaged in the development, improvement, maintenance and distribution of Citadel. During these periods, Vartanyan allegedly uploaded numerous electronic files that consisted of Citadel malware, components, updates and patches, as well as customer information, all with the intent of improving Citadel’s illicit functionality.”
Vartanyan is the second individual to be brought to justice in connection with Citadel.
In October 2015, Dimitry Belorossov was jailed for four-and-a-half years for developing and using the malware. He was arrested in Spain in 2013.