Yesterday, a Russian national accused of helping develop the Citadel banking trojan was arraigned in front of a US judge for the first time, after being extradited from Fredrikstad, Norway.
The man's name is Mark Vartanyan, 28, known online as Kolypto. According to US authorities, Vartanyan allegedly developed, improved and maintained the Citadel malware, a banking trojan made available via a Malware-as-a-Service offering.
The Citadel trojan came to the security industry's attention in 2011, and was initially based on the source code of the ZeuS banking trojan, which leaked online months before.
Citadel evolved over the years, under the supervision of Aquabox, the malware's creator. According to US authorities, Vartanyan is one of Aquabox's helpers.
Previously, in 2014, US authorities arrested Dimitry Belorossov, a Russian national known as Rainerfox, who helped with Citadel's online promotion and also served in a technical and customer support role. In September 2015, a US judge sentenced Belorossov to four years and six months in prison.
Vartanyan was detained in November 2014 in the town of Fredrikstad, Norway, where he worked as a software engineer. Previously, during Citadel's main period of dominance, between 2011 and 2012, Vartanyan lived in Ukraine.
Citadel's activity started to die down in December 2012, after its creator, Aquabox, took the trojan off the market.
Initially, when authorities arrested Vartanyan, they thought they had nabbed Aquabox. This turned out to be false, and Aquabox remains at large.
Vartanyan fought his extradition for almost two years, before losing his case in December 2016. During this time, he was held under house arrest in Norway.
Russia's ambassador to Norway contested the extradition proceedings. In February 2017, the Russian Ministry of Foreign Affairs said "Norway violated international law by approving the extradition of Russian citizen Mark Vartanyan to the US for trial."
This is not the first time Russian officials have contested the extradition of Russian hackers to the US. Currently, Russia is putting pressure on the Czech Republic not to extradite Yevgeniy Nikulin, a hacker accused of breaching LinkedIn, Dropbox, and Formspring in 2012.
Today, the DoJ and FBI formally accused four suspects in the Yahoo 2014 data breach. Three were Russians, and two are active FSB agents. Russian authorities have yet to respond to today's Yahoo indictment.