In march 2011 CERT-Georgia has Discovered  Cyber Espionage Attack Incident on country of Georgia.  Advanced  Malicious Software was Collecting Sensitive, Confidential Information about  Georgian and American Security Documents and then uploading it to some of  Command and Control Servers.

.

After a challenging investigating  by CERT-Georgia researchers they found that this attack was  linked Russian Official Security Agencies, Moreover investigators was able  to turn on the webcam of mastermind behind the malware and  they caught  him on camera.

.

Hacker hack some Georgian news sites and  inject  “Georbot Botnet” behind that, after visiting that page  most of the  readers get infected and malware take control of their systems.  Malware was able  to send any file from the local hard drive to the remote  server, Steal  certificates, Record audio using the microphone and web  cams,  Scan  the local network to identify other hosts on the same network.  Malware was also  using  CVE-2010-0842, CVE-2006-3730, MS06-057 and other  unknown  vulnerabilities to infect networks.

.

But finally Researchers  from CERT-Georgia trick the mastermind in his own trap by infecting their  own PC from Lab, then gave Cyber Attacker Fake ZIP Archive with their own virus  inside and the name “Georgian-Nato Agreement“. Attacker  stole  that archive and executed malicious files provide by researchers. That  sudden  give access of mastermind’s computer to investigators. They turn on his  camera  and took his picture shown below:

“We have obtained Russian Document, from  e-mail, where he was giving someone instructions how to use this malicious  software and how to infect targets. We have linked him with some of German and  Russian hackers. Then we have obtained information about his destination city,  Internet service provider, e-mail, and etc.” Researchers said.
Most Georgian Infected computers were from our  Governmental Agencies and Critical Information Infrastructures . Main targets  of  hacker was classified information from Georgia Ministries  ,Parliament  ,Critical Information Ifrastructures, Banks , NGO’s.

During investigation they got the origin of  hacker, which was Russian Ministry of Internal Affairs, Department of Logistics  , according to google map its just next to “Federal Security Service of  the Russian Federation (FSB)”