Evgeniy Bogachev, also known as Slavik and the creator behind the notorious Zeus malware, might have been up to more than using his malware to steal millions of dollars.
New research suggests Bogachev, or possibly someone else associated with his operation, used a botnet for espionage purposes, according to a white paper from Fox-IT. This botnet was used to issue commands directed toward victims' systems in Georgia and Turkey. Commands searched for “documents with certain levels of government secret classifications” and “specific government intelligence agency employees,” the report stated. The spy also searched for information on “politically sensitive” issues in the region.
At another time, a botnet the group typically used for fraud was converted to infect more machines in Ukraine and “search for certain types of politically sensitive information.” This information could have served Russian interests.
IT-Fox Principal Security Expert Michael Sandee suspects Bogachev's espionage assistance has helped him stay out of U.S. officials' grasp.