Group pleads guilty to running bulletproof hosting service for criminal gangs and malware payloads


Four people have pleaded guilty to running a bulletproof hosting service used by criminals to launch cyber attacks.

The US Department of Justice (DoJ) said Russian nationals Aleksandr Grichishkin and Andrei Skvortsov, alongside Lithuanian national Aleksandr Skorodumov and Pavel Stassi of Estonia, were operating a bulletproof host between 2009 and 2015.

Bulletproof hosting is a service in which private online infrastructure is offered, and operators will generally turn a blind eye to how customers are using their leased domains.

Notices of copyright infringement are ignored, privacy is marketed as a feature of these services, and bulletproof offerings are a perfect fit for criminal groups looking for infrastructure to host malware, establish command-and-control (C2) servers, and host illegal content, including malware and child pornography.

However, being prepared to ignore client transgressions does not mean law enforcement will take the same stance, and in this case the group has been charged with conspiring to engage in a Racketeer Influenced Corrupt Organization (RICO).

According to the DoJ, the group leased servers and domains that were used in criminal campaigns, including attacks on US businesses and financial organizations.

Malware including the Zeus and SpyEye Trojans, the Citadel Trojan and credential stealer, and the Blackhole Exploit Kit – used in drive-by downloads to serve payloads to victims – was among the content hosted by the bulletproof hosting provider.

“A key service provided by the defendants has been to help their clients escape detection by law enforcement and prosecute their crimes without interruption; the defendants did so by monitoring sites used to block technical infrastructure used for criminal purposes, moving content towards new infrastructures, and registering all these infrastructures under false or stolen identities,” prosecutors state.

All four have pleaded guilty to one count of RICO in United States District Court in the Eastern District of Michigan and they each face up to 20 years in prison. Sentencing was set individually between June and September.

The FBI investigated the case with the help of law enforcement agencies in Germany, Estonia and the UK.

In December 2020, as part of “Operation Nova”, police in the United States and several other countries seized three virtual private network (VPN) services used by cybercriminals. The VPNs were advertised on underground forums as a way to hide the location and identity of ransomware operators, Magecart attackers, and phishing scammers.
