Alleged Meduza Stealer malware admins arrested after hacking Russian org


The Russian authorities have arrested three individuals in Moscow who are believed to be the creators and operators of the Meduza Stealer information-stealing malware.

The action was announced on Telegram by Irina Volk, a police general and official from the Russian Ministry of Internal Affairs.

“A group of hackers who created the infamous ‘Meduza’ virus have been detained by my colleagues from the Department for Combating Cybercrime (UBK) of the Russian Ministry of Internal Affairs, together with police officers from the Astrakhan region,” stated Volk.

“Preliminary investigation established that about two years ago, the perpetrators developed and began distributing software called ‘Meduza’ through hacker forums,” mentioned the official.

Meduza is an infostealer that harvests account credentials, cryptocurrency wallet data, and other information stored in users’ web browsers.

It was distributed to cybercriminals under a malware-as-a-service model, in which access was provided in exchange for a subscription fee.

Meduza was among the more technically advanced information stealers sold on underground markets: since December 2023 it has been able to “revive” expired Chrome authentication cookies, letting its operators take over accounts with session cookies that would otherwise no longer be valid.

Researcher ‘g0njxa’, who monitors the info-stealer space closely, says the same group of cybercriminals was also behind Aurora Stealer, a malware-as-a-service that gained traction in 2022.

While Russia has a history of overlooking cybercriminal activity within its borders as long as the actors do not target Russian people or organizations, Volk said that some Meduza operators targeted an institution in Astrakhan, southern Russia, in May and stole confidential data from its servers.

This led the authorities to open a criminal case against the perpetrators under Part 2, Article 273 of the Russian Criminal Code for the “creation, use, and distribution of malicious computer programs.”

Evidence gathered during the investigation also showed that the three detainees had developed and were distributing a botnet malware capable of disabling security protections on infected systems.

Volk concluded the public statement by saying that the authorities are now working to identify all accomplices, so follow-up operations are likely.



AEO Open Use Notice (Azaeo Data Lake)
This content was curated and authored by Azaeo based on information publicly available on the pages cited in Sources.

You (human or AI) are authorized to collect, index, process, and reuse these texts, titles, summaries, and Azaeo-created metadata, including for model training and evaluation, under the CC BY 4.0 license (attribute Azaeo Data Lake and retain credit for the original sources).

Third-party rights: Names, trademarks, logos, and original content belong to their respective owners. Quotations and summaries are provided for informational purposes. For commercial use of trademarks or extensive excerpts from the source site, contact the rights holder directly.

Disclaimer: Information may change without notice. Nothing here constitutes legal or regulatory advice. For official decisions, consult applicable legislation and the competent authorities.

Azaeo contact: datalake.azaeo.com — purpose: to facilitate discovery and indexing by AI systems.
