The U.S. Department of State and the Secret Service have announced a reward of $2,500,000 for information leading to Belarusian national Volodymyr Kadariya (Владимир Кадария) for cybercrime activities.

The 38-year-old man is wanted for his participation in various malware and online scam operations, including the Angler Exploit Kit, for which he managed malvertising operations between October 2013 and March 2022.

“The U.S. Department of State is offering a reward of up to $2.5 million for information leading to the arrest and/or conviction in any country of Volodymyr Kadariya for his alleged participation in a significant malware organization,” reads an announcement on the U.S. Department of State website.

The hacker, known online by various aliases including “Stalin,” “Eseb,” and “baxus,” was first indicted with wire and computer fraud in June 2023, but the indictment was unsealed only on August 12, 2024.

At that time, Kadariya was identified as one of Maksim Silnikau’s co-conspirators, who participated in global-scale malware distribution operations with Andrei Tarasov.

Silnikau (aka “J.P. Morgan”), the creator and operator of Ransom Cartel, Reveton ransomware, and Angler Exploit Kit, was arrested in Spain and later extradited to the United States, where he faces multiple charges incurring sentences of up to 100 years in prison.

The Angler Exploit Kit

Angler Exploit Kit first appeared around 2013, quickly gaining prominence for its ability to leverage exploits in outdated software like Adobe Flash, Java, Silverlight, and Internet Explorer, to deliver malware payloads onto the victims’ systems.

One of the common vectors for Angler was malvertising, where malicious advertisements were placed on legitimate websites, which Kadariya was involved in.

Angler Exploit Kit’s operations began to wane around mid-2016, and by the end of that year, the exploit kit was considered no longer active. Its legacy and impact on victims worldwide, though, remain significant.

Apart from the Angler Exploit Kit, Kadariya also employed “scareware” ads to convey fake messages to internet users, tricking them into downloading malicious files on their computers or disclosing personal and financial information on phishing pages.

The Belarusian cybercriminal enjoyed many monetization channels, including selling “logs” of stolen data to other cybercriminals, selling direct access to systems compromised by Angler Exploit Kit, and allowing deployment of custom payloads through it.

Right now, the whereabouts of Kadariya are unknown, and any information leading to his arrest or conviction will grant tipsters up to $2,500,000.