Russia Detains Three Suspects Behind 'Meduza' Malware After Astrakhan Data Breach
Police describe the malware as built to steal credentials and crypto wallet data; investigators are now focusing on identifying accomplices.
Overview
- Authorities arrested three alleged developers and distributors of the Meduza malware in Moscow and the Moscow region with support from the National Guard.
- A criminal case was opened under Part 2 of Article 273 of Russia’s Criminal Code, and pretrial measures have been imposed on the suspects.
- Searches recovered computer equipment, communication devices, bank cards and other items that investigators say carry evidentiary value.
- Investigators report the group used its tools in May 2025 to access an Astrakhan-region institution’s data and copy protected service information to servers it controlled.
- Officials say the detainees also created malware aimed at neutralizing defenses and building botnets used for large-scale cyberattacks.