
Ukrainian Cyber Criminal Extradited From Poland for Decrypting Credentials and Selling Them on the Dark Web

Glib Oleksander Ivanov-Tolpintsev (28, Chernivtsi, Ukraine) faces the possibility of up to 17 years in prison, if convicted, after being extradited to the United States on charges of conspiracy, trafficking in unauthorized access devices, and trafficking in computer passwords. Additionally, Tolpintsev could be required to forfeit $82,648 to the United States, which is allegedly the amount he profited from his illegal activities. Tolpintsev was arrested in October of last year by Polish authorities for using a botnet to conduct brute-force attacks to decrypt and steal login credentials. Tolpintsev stated that his botnet was capable of stealing credentials for roughly 2,000 computers every week. He then sold the credentials on dark web sites, which facilitated illegal activities such as tax fraud and ransomware attacks.

Analyst Notes

The extradition of Tolpintsev is a sign of the continued cooperation of global law enforcement partners to combat cybercrime. A newly created ransomware group named Groove, formed by former members of Babuk, took notice of the extradition. On Groove's leak site the group posted a warning stating that if Ukraine continued to extradite citizens to the United States, Groove would launch attacks on the Ukrainian government. The threat actors behind Groove apparently missed the point that Poland was the country responsible for the extradition decision, and Ukraine's government did not have a say. It is against Ukraine's constitution to extradite its own citizens to foreign countries.


Threat actors often sell stolen data on the dark web, where it is then used for further cybercrimes. If you have been a victim of a data breach, immediately change the passwords on all accounts that have been compromised. Notify your financial institutions and monitor your accounts to identify any unusual activity. Freeze or lock your credit file, which will prevent potential lenders from accessing it.


Source: https://www.justice.gov/usao-mdfl/pr/ukrainian-cyber-criminal-extradited-decrypting-credentials-thousands-computers-across