27 July 2021

Estonian botnet operator who channeled traffic for other cybercriminals pleads guilty in US court


An Estonian national has pleaded guilty to two counts of computer fraud and abuse for his role in creating and operating a proxy botnet that was used by other cybercrime groups to transmit malicious traffic.

According to the US Department of Justice, the defendant, Pavel Tsurkan, 33, operated a proxy botnet known as “Russian2015” made up of more than 1,000 hacked computers and routers. Tsurkan modified the operation of each compromised device so it could be used as a proxy to transmit third-party internet traffic without the owners’ knowledge or consent, the DoJ said. He then sold access to other cybercriminals, who used the botnet to channel their traffic.

Victims “experienced significant data overages even when there were no home computers connected to the victims’ home networks. The data overages resulted in hundreds to thousands of dollars per victim,” the DoJ said.

Pavel Tsurkan is scheduled to be sentenced on November 10, 2021, and faces a maximum penalty of 10 years in prison. In June 2021, he pleaded guilty to aiding and abetting unauthorized access to a protected computer. According to prosecutors, Tsurkan, together with Oleg Koshkin, a Russian national who lived in Estonia, operated an online encryption service known as Crypt4U, which helped hide malware infections from antivirus software.

Tsurkan is currently released on bond pending sentencing in the Crypt4U case, scheduled for September 27, 2021. He faces up to nine years in prison if found guilty.

