Latvian Hacker Extradited to U.S. for Position in Karakurt Cybercrime Group

Aug 23, 2024Ravie LakshmananCyber Crime / Ransomware

A 33-year-old Latvian nationwide residing in Moscow, Russia, has been charged within the U.S. for allegedly stealing knowledge, extorting victims, and laundering ransom funds since August 2021.

Deniss Zolotarjovs (aka Sforza_cesarini) has been charged with conspiring to commit cash laundering, wire fraud and Hobbs Act extortion. He was arrested in Georgia in December 2023 and has since been extradited to the U.S. as of this month.

“Zolotarjovs is a member of a known cybercriminal organization that attacks computer systems of victims around the world,” the U.S. Division of Justice (DoJ) mentioned in a press launch this week.

“Among other things, the Russian cybercrime group steals victim data and threatens to release it unless the victim pays ransom in cryptocurrency. The group maintains a leaks and auction website that lists victim companies and offers stolen data for download.”

Cybersecurity

Zolotarjovs is believed to have been an lively member of the e-crime group, participating with different members of the gang and laundering the ransom funds acquired from victims.

Whereas the identify of the cybercrime syndicate was not talked about by the DoJ, a November 28, 2023, grievance filed within the U.S. District Court docket hyperlinks the defendant to an information extortion crew tracked as Karakurt, which emerged as a splinter group within the wake of the crackdown on Conti in 2022.

“Further analysis of Sforza’s communications [on Rocket.Chat] indicated Sforza appeared to be responsible for conducting negotiations on Karakurt victim cold case extortions, as well as open-source research to identify phone numbers, emails, or other accounts at which victims could be contacted and pressured to either pay a ransom or re-enter a chat with the ransomware group,” the Federal Bureau of Investigation (FBI) mentioned.

“Sforza also discussed efforts to recruit paid journalists to publish news articles about victims in order to convince the victims to take Karakurt’s extortion demands seriously.”

The FBI famous in its grievance that it was in a position to hyperlink the net alias “Sforza_cesarini” to Deniss Zolotarjovs by tracing Bitcoin transfers made in September 2021 from a cryptocurrency pockets that was registered to an Apple iCloud account.

The legislation enforcement company additional mentioned a few of the illicit proceeds have been laundered by means of a number of addresses earlier than arriving at a deposit handle related to Garantex, particularly a Bitcoin24.professional account bearing the identical e-mail handle, prompting it to challenge a search warrant to Apple in September 2023 for acquiring the data related to the e-mail handle.

Cybersecurity

From the data shared by the tech large, the FBI mentioned the Rocket.Chat immediate messaging account ID “Sforza_cesarini” was “accessed by the same IP addresses at or about the same times, on multiple occasions, as those used to access dennis.zolotarjov@icloud[.]com.”

Zolotarjovs is the primary alleged group member of Karakurt to be arrested and extradited to the U.S., a feat that might pave the best way for the identification and prosecution of extra members sooner or later.

“Karakurt actors have contacted victims’ employees, business partners, and clients with harassing emails and phone calls to pressure the victims to cooperate,” the U.S. authorities mentioned in a bulletin final 12 months. “The emails have contained examples of stolen data, such as social security numbers, payment accounts, private company emails, and sensitive business data belonging to employees or clients.”

Discovered this text attention-grabbing? Comply with us on Twitter and LinkedIn to learn extra unique content material we publish.

Recent articles

INTERPOL Pushes for

Dec 18, 2024Ravie LakshmananCyber Fraud / Social engineering INTERPOL is...

Patch Alert: Essential Apache Struts Flaw Discovered, Exploitation Makes an attempt Detected

Dec 18, 2024Ravie LakshmananCyber Assault / Vulnerability Risk actors are...