Redazione RHC : 3 November 2025 16:38
In recent months, it would appear that the Russian Federation is cracking down on cybercrime, a departure from what we were used to seeing in the past , when many cybercriminal groups operated almost undisturbed, often enjoying a sort of tacit protection.
Following the arrests of the Medusa Stealer gang by the Russian Interior Ministry a week ago , a new blow was dealt with the detention of the owner of the “ Userbox ” hacking bot in Moscow today.
The owner of the Userbox hacking bot, also known as User_Search, has been arrested in Moscow, Baza reported on his Telegram channel. Userbox has been inactive since November 1, 2025. Its developer is accused of unauthorized access to computer information.
As of November 1, 2025, Userbox has stopped responding to user requests. When attempting to follow a link that previously led to an unlocked version of the IT service, the browser displays a server-side error. The Telegram bot stopped working after law enforcement raided the Userbox team.
The suspect’s name is Igor Morozov . He is accused of unauthorized access to computer information.
In February 2025, following the collapse of data aggregator God’s Eye, Userbox emerged as a replacement platform. Previously, in December 2024, God’s Eye had begun limiting the amount of data made available upon user request, citing stricter Russian regulations. At the same time, the God’s Eye team was subject to a criminal investigation, starting with a seizure in February 2025, for the unlawful use of personal data, pursuant to Article 272, paragraph 1, of the Criminal Code.
Since spring 2025, the Russian information mining bot market has undergone significant changes. New legislation has introduced criminal liability for the handling of leaked personal data. These regulatory changes reflect a shift in the government’s focus: no longer on individual hackers, but on the data trading IT infrastructure as a whole.
As a result, as reported by CNews , approximately 40% of Russian-language IT platforms specializing in open data mining have suspended operations or closed their doors . The market for such IT services could migrate to the dark web and fall under the control of foreign operators.
Most of the breaches in 2024 affected retailers, pharmacy chains, online services, delivery services, and restaurant services, notes Nikita Novikov, cybersecurity expert at Angara Security: “The data mining market has acquired a huge amount of data about people: their addresses, families, interests, and preferences. This has significantly simplified the work of social engineers, who are now actively exploiting it.”
Mobile data mining has become significantly more expensive: a monthly call and message details cost more than bank account transaction data, although the latter has also increased in price, but not as sharply compared to 2022 levels.
Redazione