$2.5M Bounty on Cybercrime Kingpin: US Targets Vladimir Kadaria

The U.S. Department of State has announced a reward of up to $2.5 million for information leading to the arrest or conviction of Vladimir Kadaria, accused of involvement with a major cybercriminal group.

The 38-year-old Kadaria, known by the aliases “Stalin,” “Eseb,” and “baxus,” is suspected of disseminating the Angler Exploit Kit. From October 2013 to March 2022, Kadaria allegedly used online advertising to deliver malicious software to the computers of millions of unsuspecting victims.

At the height of its activity, the Angler Exploit Kit (AEK) was one of the most popular tools among cybercriminals for infecting devices. According to the NCA, during its peak, Angler accounted for approximately 40% of all exploit kit infections. The annual revenue from these criminal activities was estimated at $34 million.

Kadaria was indicted in June on charges related to financial fraud and cybercrimes. The advertising campaigns in which Kadaria participated appeared legitimate but often redirected victims to malicious sites. These sites were designed to deceive users or infect their devices with malware.

Some ads lured victims into purchasing or downloading malicious software, granting remote access to their devices, or divulging personal and financial information. Kadaria and his accomplices profited by selling access to infected devices on cybercrime forums, as well as stolen information, including banking data and account credentials.

In early August, Kadaria’s accomplice, Maksim Silnikov, was arrested and extradited to the United States. Silnikov masterminded two long-running cybercrime schemes and created the Reveton RaaS virus, which allowed less-skilled criminals to launch ransomware attacks for a fee.

Silnikov is believed to have been the creator of the Angler Exploit Kit. If convicted, Silnikov, Kadaria, and their third partner, Andrei Tarasov, could face maximum sentences: 27 years in prison for conspiracy to commit fraud, 10 years for conspiracy to commit cyber fraud, and 20 years for each count of fraud.