Skip to main content
Press Release

Russian Citizen who Helped Develop the "Citadel" Malware Toolkit is Sentenced

For Immediate Release
U.S. Attorney's Office, Northern District of Georgia

ATLANTA - Mark Vartanyan, also known as “Kolypto,” was sentenced today by United States District Court Judge Mark H. Cohen to serve five years in federal prison, following his guilty plea in connection with his role in developing, improving and maintaining the “Citadel” malware toolkit between 2012 and 2014.

“Citadel caused vast amounts of harm to financial institutions and individuals around the world,” said U.S. Attorney John Horn. “Mark Vartanyan utilized his technical expertise to enable Citadel into becoming one of the most pernicious malware toolkits of its time, and for that, he will serve significant time in federal prison.”

David J. LeValley, Special Agent in Charge, FBI Atlanta Field Office, stated: "Malicious software and botnets are rarely created by a single individual. Cybercrime is an organized team effort involving sophisticated, talented, and tech savvy individuals. Today's sentencing of Mr. Vartanyan, who was engaged in the development, improvement, maintenance and distribution of malware, both removes a key resource from the cyber underworld and serves as a strong deterrent to others who may be contributing to the development of botnets and malware. The threat posed by cyber criminals in the U.S. and abroad is ever increasing. However, the FBI will not cease in its efforts to identify, pursue and defeat cyber criminals regardless of how deep in the cyber underground they reside or where they are located in the real world."

According to United States Attorney Horn, the charges, and other information presented in court: “Citadel” is a malware toolkit designed to infect computer systems and steal financial account credentials and personally identifiable information from victim computer networks. Beginning in or about 2011, Citadel was offered for sale on invite-only, Russian-language internet forums frequented by cybercriminals. Users of Citadel targeted and exploited the computer networks of major financial and government institutions around the world, including several financial institutions in the United States. According to industry estimates, Citadel infected approximately 11 million computers worldwide and is responsible for over $500 million in losses.

Between on or about August 21, 2012 and January 9, 2013, while residing in Ukraine, and again between on or about April 9, 2014 and June 2, 2014, while residing in Norway, Vartanyan engaged in the development, improvement, maintenance and distribution of Citadel. During these periods, Vartanyan uploaded numerous electronic files that consisted of Citadel malware, components, updates and patches, as well as customer information, all with the intent of improving Citadel’s illicit functionality.

Vartanyan, a Russian national, was extradited from Norway to face charges in the United States in December 2016. He pled guilty to computer fraud on March 20, 2017.

This case was investigated by the Federal Bureau of Investigation.

Assistant United States Attorney Steven D. Grimberg prosecuted the case. The Justice Department’s Office of International Affairs also provided assistance with this case.

For further information please contact the U.S. Attorney’s Public Affairs Office at or (404) 581-6016. The Internet address for the U.S. Attorney’s Office for the Northern District of Georgia is

Updated July 20, 2017