11 May 2021

Four Eastern European nationals plead guilty for running “bulletproof” hosting



Four individuals from Eastern Europe have pleaded guilty for their role in a Racketeer Influenced Corrupt Organization (RICO) that provided “bulletproof hosting” services between 2008 and 2015, which were used by cybercriminals to distribute malware and conduct attacks on financial institutions and victims across the United States.

The four accused are Aleksandr Grichishkin, 34, and Andrei Skvortsov, 34, of Russia; Aleksandr Skorodumov, 33, of Lithuania; and Pavel Stassi, 30, of Estonia. The US Department of Justice alleges that these individuals were founders and/or members of a bulletproof hosting organization.

The group rented IP addresses, servers, and domains to cybercriminals, who used the infrastructure to spread malware that allowed them to gain access to victims’ computers, form botnets, and steal banking credentials.

Malware hosted by the organization included Zeus, SpyEye, Citadel, and the Blackhole Exploit Kit, which rampantly attacked U.S. companies and financial institutions between 2009 and 2015 and caused or attempted to cause millions of dollars in losses to U.S. victims.

“A key service provided by the defendants was helping their clients to evade detection by law enforcement and continue their crimes uninterrupted; the defendants did so by monitoring sites used to blocklist technical infrastructure used for crime, moving “flagged” content to new infrastructure, and registering all such infrastructure under false or stolen identities,” the DoJ said in a press release.

According to court documents, Grichishkin and Skvortsov were founding members of the organization and its proprietors. Skvortsov was responsible for advertising the organization’s services and was also a point of contact for important and/or disgruntled clients.

Skorodumov was one of the organization’s lead systems administrators; he configured and managed the clients’ domains and IP addresses, provided technical support to help clients optimize their malware and botnets, and monitored and responded to abuse notices. Stassi was responsible for administrative tasks for the organization, such as conducting and tracking online marketing to the organization’s criminal clientele and using stolen and/or false personal information to register webhosting and financial accounts used by the organization.

Stassi, Skorodumov, and Grichishkin pleaded guilty in February and March 2021 to one count of RICO conspiracy. Skvortsov pleaded guilty today to the same charge. Sentencing of Stassi, Skorodumov, Grichishkin, and Skvortsov has been set for June 3, June 29, July 8, and Sept. 16, respectively. The defendants could spend up to 20 years in prison.
