[TheRecord] Ukrainian indicted for running brute-force botnet, selling hacked PC accounts

The US Department of Justice announced today the extradition of a Ukrainian national from Poland on charges of selling access to compromised computer systems via a specialized marketplace on the dark web.

Glib Oleksandr Ivanov-Tolpintsev, 28, of Chernivtsi, Ukraine, stands accused of creating a botnet of compromised computers across the world.

According to court documents [PDF], for more than four years, the suspect operated this botnet in order to execute brute-force attacks that decrypted and guessed login credentials for computers across the world (believed to be RDP accounts).

US officials said that once Ivanov-Tolpintsev successfully validated the compromised credentials, they were put up for sale on 

All validated credentials were then sold on a dark web marketplace dedicated to the sale of compromised computer accounts. US officials said Ivanov-Tolpintsev sold the login credentials of at least 2,000 computers every week.

“Once sold on this website, credentials were used to facilitate a wide range of illegal activity, including tax fraud and ransomware attacks,” DOJ officials said in a press release.

Ivanov-Tolpintsev ran his operation from May 2016 to October 2020, when he was arrested in a small Polish village named Korczowa, just 1 km away from the Polish-Ukrainian border.

Authorities said the Ukrainian faces up to 17 years in prison if found guilty on all charges, which include conspiracy, trafficking in unauthorized access devices, and trafficking in computer passwords.

The post Ukrainian indicted for running brute-force botnet, selling hacked PC accounts appeared first on The Record by Recorded Future.
