A 33-year-old Latvian national residing in Moscow, Russia, has been charged in the U.S. for allegedly stealing data, extorting victims, and laundering ransom funds since August 2021.
Deniss Zolotarjovs (aka Sforza_cesarini) has been charged with conspiring to commit money laundering, wire fraud and Hobbs Act extortion. He was arrested in Georgia in December 2023 and has since been extradited to the U.S. as of this month.
“Zolotarjovs is a member of a recognized cybercriminal group that attacks computer systems of victims all over the world,” the U.S. Department of Justice (DoJ) said in a press release this week.
“Among other things, the Russian cybercrime group steals victim data and threatens to release it unless the victim pays ransom in cryptocurrency. The group maintains a leaks and auction website that lists victim companies and offers stolen data for download.”
Zolotarjovs is believed to have been an active member of the e-crime group, engaging with other members of the gang and laundering the ransom funds received from victims.
While the name of the cybercrime syndicate was not mentioned by the DoJ, a November 28, 2023, complaint filed in the U.S. District Court links the defendant to a data extortion crew tracked as Karakurt, which emerged as a splinter group in the wake of the crackdown on Conti in 2022.
“Further analysis of Sforza’s communications [on Rocket.Chat] indicated Sforza appeared to be responsible for conducting negotiations on Karakurt victim cold case extortions, as well as open-source research to identify phone numbers, emails, or other accounts at which victims could be contacted and pressured to either pay a ransom or re-enter a chat with the ransomware group,” the Federal Bureau of Investigation (FBI) said.
“Sforza also discussed efforts to recruit paid journalists to publish news articles about victims in order to convince the victims to take Karakurt’s extortion demands seriously.”
The FBI noted in its complaint that it was able to link the online alias “Sforza_cesarini” to Deniss Zolotarjovs by tracing Bitcoin transfers made in September 2021 from a cryptocurrency wallet that was registered to an Apple iCloud account.
The law enforcement agency further said some of the illicit proceeds were laundered through multiple addresses before arriving at a deposit address associated with Garantex, specifically a Bitcoin24.pro account bearing the same email address, prompting it to issue a search warrant to Apple in September 2023 for obtaining the information associated with the email address.

From the information shared by the tech giant, the FBI said the Rocket.Chat instant messaging account ID “Sforza_cesarini” was “accessed by the same IP addresses at or about the same times, on multiple occasions, as those used to access dennis.zolotarjov@icloud[.]com.”
Zolotarjovs is the first alleged group member of Karakurt to be arrested and extradited to the U.S., a feat that could pave the way for the identification and prosecution of additional members in the future.
“Karakurt actors have contacted victims’ employees, business partners, and clients with harassing emails and phone calls to pressure the victims to cooperate,” the U.S. government said in a bulletin last year. “The emails have contained examples of stolen data, such as social security numbers, payment accounts, private company emails, and sensitive business data belonging to employees or clients.”