Ukraine arrests rogue VPN operator providing access to Runet
Ukraine's cyber police have arrested a 28-year-old man who operated a massive virtual private network (VPN) service, allowing people from within the country to access the Russian internet (Runet).
Runet is the portion of the internet that includes Russian sites on the ".ru" and ".su" top-level domains, including government sites, social media platforms, search engines, and various news platforms from the country. The Russian government has taken steps to control, restrict, monitor, and isolate from the broader global internet,
Per restrictions and sanctions imposed by Ukraine's National Security and Defense Council (NSDC), access to the Runet is forbidden. Hence, Ukrainian internet service providers (ISPs) block access to Russian platforms from within the country.
The rogue VPN service, which was set up shortly after the Russian invasion of Ukraine, enabled Russians in occupied territories, as well as Russian sympathizers across Ukraine, to bypass the restrictions.
This constitutes a violation of Part 5 of Article 361 of the Criminal Code of Ukraine, for which the self-taught hacker from Khmelnytskyi faces charges that could incur up to 15 years in prison.
According to the police's announcement, the VPN service offered access to over 48 million Runet IP addresses and facilitated network traffic that surpassed 100 gigabytes daily.
"The 'startup' allowed access to more than 48 million IP addresses of the Russian internet segment, bypassing the NSDC sanctions," explained the police.
"According to the investigation, the daily volume of network traffic exceeded 100 gigabytes."
The service was advertised through Telegram channels and related online communities, with the hacker presenting himself as a project developer.
The suspect controlled the rogue VPN service from an autonomous server located in his apartment. At the same time, he also rented servers in Germany, France, the Netherlands, and Russia to facilitate access to the Russian network.
Because of this, the Ukrainian police believe Russian intelligence agents had access to information on the VPN service's users.
During the arrest and associated searches in Khmelnytskyi and Zhytomyr, the police seized server equipment, computers, and mobile phones.
The police are currently analyzing the data, hoping to identify more accomplices or Russian agents working closely with the VPN service operator.
Akira and Fog ransomware now exploit critical Veeam RCE flaw
Bohemia and Cannabia Dark Web Markets Taken Down After Joint Police Operation
CVE-2025-22224 VMware ESXi and Workstation TOCTOU Race Condition Vulnerability
CVE-2020-29574 CyberoamOS (CROS) SQL Injection Vulnerability
CVE-2018-19410 Paessler PRTG Network Monitor Local File Inclusion Vulnerability
CVE-2025-2783 Google Chromium Mojo Sandbox Escape Vulnerability
CVE-2018-8639 Microsoft Windows Win32k Improper Resource Shutdown or Release Vulnerability
CVE-2025-0111 Palo Alto Networks PAN-OS File Read Vulnerability
CVE-2024-49035 Microsoft Partner Center Improper Access Control Vulnerability
CVE-2024-50302 Linux Kernel Use of Uninitialized Resource Vulnerability
CVE-2017-0148 Microsoft SMBv1 Server Remote Code Execution Vulnerability
InformationalBase64 Disclosure
HighSpring4Shell
InformationalCSP: Header & Meta
InformationalCookie Poisoning
LowStrict-Transport-Security Malformed Content (Non-compliant with Spec)
MediumDirectory Browsing
Free online web security scanner
