27 July 2021

Estonian botnet operator who channeled traffic for other cybercriminals pleads guilty in US court


An Estonian national has pleaded guilty to two counts of computer fraud and abuse for his role in creating and operating a proxy botnet that was used by other cybercrime groups to transmit malicious traffic.

According to the US Department of Justice, the defendant, Pavel Tsurkan, 33, operated a proxy botnet known as “Russian2015”, made up of more than 1,000 compromised computers and routers. Tsurkan modified each compromised device so that it acted as a proxy relaying third-party internet traffic without the owners’ knowledge or consent, the DoJ said. He then sold access to other cybercriminals, who channeled their own traffic through the botnet.

Victims “experienced significant data overages even when there were no home computers connected to the victims’ home networks. The data overages resulted in hundreds to thousands of dollars per victim,” the DoJ said.
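The page gives no technical detail on how Russian2015 altered the compromised devices; the one indicator it reports is the one in the DoJ quote above: upstream traffic originating from the home router when no computer on the LAN was active. The following is an added example (not code from the page, the DoJ, or the case) of how a defender with per-flow records from a gateway or ISP could turn that symptom into a check. The router address, the flow format, the sample records and the thresholds are all assumptions; the records are constructed, not real telemetry.

```python
"""Spotting router-originated egress that no LAN client accounts for.

Constructed example: per-hour flow records as a home gateway (or the ISP
side) might export them. 'src' is the LAN-side origin of the flow; when it
equals the router's own address, the router itself opened the connection,
which is what a relay proxy running on the device looks like from outside.
"""
from collections import defaultdict
from dataclasses import dataclass

ROUTER_ADDR = "192.168.1.1"   # assumed LAN address of the gateway


@dataclass(frozen=True)
class Flow:
    hour: int        # hour-of-day bucket, 0-23
    src: str         # originating LAN-side address
    dst: str         # remote address
    bytes_out: int   # upstream bytes in this flow


# Constructed sample records (hypothetical, not real telemetry).
SAMPLE_FLOWS = [
    # Daytime: LAN clients are active; the router merely forwards their traffic
    Flow(9,  "192.168.1.20", "203.0.113.5",  120_000),
    Flow(9,  "192.168.1.21", "203.0.113.8",   45_000),
    Flow(10, "192.168.1.20", "203.0.113.5",  300_000),
    # The router's own housekeeping (DNS, NTP, update checks) is tiny
    Flow(9,  ROUTER_ADDR,    "203.0.113.53",   2_000),
    # Night: no LAN client sends anything, yet the router pushes megabytes
    Flow(2,  ROUTER_ADDR,    "198.51.100.7", 5_000_000),
    Flow(2,  ROUTER_ADDR,    "198.51.100.9", 4_000_000),
    Flow(3,  ROUTER_ADDR,    "198.51.100.7", 6_500_000),
]


def summarize_by_hour(flows, router_addr=ROUTER_ADDR):
    """Return {hour: (client_bytes, router_bytes)}: upstream volume split by
    whether a LAN client or the router itself originated the flow."""
    totals = defaultdict(lambda: [0, 0])
    for f in flows:
        idx = 1 if f.src == router_addr else 0
        totals[f.hour][idx] += f.bytes_out
    return {h: tuple(v) for h, v in totals.items()}


def relay_suspect_hours(flows, router_addr=ROUTER_ADDR,
                        min_router_bytes=1_000_000, dominance=10.0):
    """Hours in which router-originated egress is both large in absolute terms
    and far larger than anything LAN clients sent. Both thresholds are
    assumptions to be tuned against a baseline of the device's own
    housekeeping traffic; a router that legitimately runs a VPN client or a
    cloud backup agent needs an exclusion."""
    suspects = []
    for hour, (client_b, router_b) in summarize_by_hour(flows, router_addr).items():
        if router_b >= min_router_bytes and router_b > dominance * client_b:
            suspects.append(hour)
    return sorted(suspects)


def router_relay_bytes(flows, router_addr=ROUTER_ADDR, **kw):
    """Total router-originated upstream bytes in the suspect hours: the
    quantity a subscriber would notice as an unexplained data overage."""
    hours = set(relay_suspect_hours(flows, router_addr, **kw))
    return sum(f.bytes_out for f in flows
               if f.hour in hours and f.src == router_addr)


if __name__ == "__main__":
    for hour, (c, r) in sorted(summarize_by_hour(SAMPLE_FLOWS).items()):
        print(f"hour {hour:02d}: clients {c:>9,d} B  router {r:>10,d} B")
    print("suspect hours:", relay_suspect_hours(SAMPLE_FLOWS))
    print("router-originated bytes in those hours:",
          f"{router_relay_bytes(SAMPLE_FLOWS):,d}")
```

The split by originator is the whole point: a router that is forwarding for a LAN client shows that client as the source, while a relay proxy running on the firmware shows the router itself. The absolute floor keeps the device's own DNS, NTP and update traffic from tripping the check, and the dominance ratio keeps a busy household from masking a relay that runs alongside normal use.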

Tsurkan is scheduled to be sentenced on November 10, 2021 and faces a maximum penalty of 10 years in prison on the botnet charges. In a separate case, he pleaded guilty in June 2021 to aiding and abetting unauthorized access to a protected computer. According to prosecutors, Tsurkan and Oleg Koshkin, a Russian national who lived in Estonia, operated Crypt4U, an online crypting service that obfuscated malware so that antivirus software would not detect it.

Tsurkan is currently released on bond pending sentencing in the Crypt4U case, scheduled for September 27, 2021. He faces up to nine years in prison in that case.

