
The US Department of Justice (DoJ) announced that a Russian national has been sentenced to two years in prison for managing a botnet used to launch ransomware attacks against US companies.
Ilya Angelov, 40, of Tolyatti, Russia, was also fined $100,000. Angelov, who operated under the online aliases Milano and Occult, is said to have co-managed a Russia-based cybercrime group known as TA551 (also tracked as ATK236, G0127, Gold Cabin, Hive 0106, Mario Kart, Monster Libra, and Shattuck) from 2017 to 2021.
“Mr. Angelov’s group established a network of compromised computers (a ‘botnet’) through the distribution of malware-infected files attached to spam emails,” the Justice Department said. “Angelov and his co-managers then monetized this botnet by selling access to individual compromised computers (‘bots’).”
According to the sentencing memorandum, the threat group developed programs to distribute spam emails and sophisticated malware to evade security tools. Angelov and his co-managers recruited members and supervised various activities. The main tool was a backdoor that allowed malicious software to be uploaded to the victim’s computer.
The group’s primary goal was to resell that access to other criminal groups, who used it for ransomware extortion schemes. From August 2018 to December 2019, TA551 provided the BitPaymer ransomware group with access to the botnet, allowing the e-crime organization to infect 72 US companies. This resulted in over $14.17 million in extortion payments.
The operators of the IcedID malware also paid Angelov’s group more than $1 million to gain access to the botnet and distribute ransomware in late 2019 and early 2020, but the extent of the damage is currently unknown. It is suspected that this partnership blossomed after the collapse of the BitPaymer group. According to the US Federal Bureau of Investigation (FBI), this cooperation continued until around August 2021.
In November 2021, Cybereason revealed that the operators of the TrickBot Trojan were collaborating with TA551 to distribute Conti ransomware. In the same month, France’s Computer Emergency Response Team (CERT-FR) also revealed that the Lockean ransomware group was using distribution services provided by TA551, following law enforcement’s takedown of the Emotet botnet in early 2021.
“Foreign cybercriminals like this defendant target American citizens and businesses,” U.S. Attorney Jerome F. Gorgon Jr. said in a statement. “Their methods are becoming increasingly sophisticated, but their motivation is the same: to deceive and harm us.”
The development comes a day after the Justice Department announced that another Russian national, 26-year-old Alexei Olegovich Volkov (also known as “chubaka.kor” and “nets”), was sentenced to nearly seven years in prison after pleading guilty to acting as an initial access broker (IAB) in the Yanluowang ransomware attack that targeted eight U.S. companies between July 2021 and November 2022.
