A 33-year-old Latvian national residing in Moscow, Russia, has been charged in the U.S. for allegedly stealing data, extorting victims, and laundering ransom funds since August 2021.
Deniss Zolotarjovs (aka Sforza_cesarini) has been charged with conspiring to commit money laundering, wire fraud and Hobbs Act extortion. He was arrested in Georgia in December 2023 and has since been extradited to the U.S. as of this month.
“Zolotarjovs is a member of a known cybercriminal group that attacks computer systems of victims around the world,” the U.S. Department of Justice (DoJ) said in a press release this week.
“Among other things, the Russian cybercrime group steals victim data and threatens to release it unless the victim pays ransom in cryptocurrency. The group maintains a leaks and auction website that lists victim companies and offers stolen data for download.”
Zolotarjovs is believed to have been an active member of the e-crime group, engaging with other members of the gang and laundering the ransom funds obtained from victims.
While the name of the cybercrime syndicate was not mentioned by the DoJ, a November 28, 2023, complaint filed in the U.S. District Court links the defendant to a data extortion crew tracked as Karakurt, which emerged as a splinter group in the wake of the crackdown on Conti in 2022.
“Further analysis of Sforza’s communications [on Rocket.Chat] indicated Sforza appeared to be responsible for conducting negotiations on Karakurt victim cold case extortions, as well as open-source research to identify phone numbers, emails, or other accounts at which victims could be contacted and pressured to either pay a ransom or re-enter a chat with the ransomware group,” the Federal Bureau of Investigation (FBI) said.
“Sforza also discussed efforts to recruit paid journalists to publish news articles about victims in order to convince the victims to take Karakurt’s extortion demands seriously.”
The FBI noted in its complaint that it was able to link the online alias “Sforza_cesarini” to Deniss Zolotarjovs by tracing Bitcoin transfers made in September 2021 from a cryptocurrency wallet that was registered to an Apple iCloud account.
The law enforcement agency further said some of the illicit proceeds were laundered through several addresses before arriving at a deposit address associated with Garantex, specifically a Bitcoin24.pro account bearing the same email address, prompting it to issue a search warrant to Apple in September 2023 for obtaining the information associated with the email address.
From the data shared by the tech giant, the FBI said the Rocket.Chat instant messaging account ID “Sforza_cesarini” was “accessed by the same IP addresses at or about the same times, on multiple occasions, as those used to access dennis.zolotarjov@icloud[.]com.”
Zolotarjovs is the first alleged group member of Karakurt to be arrested and extradited to the U.S., a feat that could pave the way for the identification and prosecution of more members in the future.
“Karakurt actors have contacted victims’ employees, business partners, and clients with harassing emails and phone calls to pressure the victims to cooperate,” the U.S. government said in a bulletin last year. “The emails have contained examples of stolen data, such as social security numbers, payment accounts, private company emails, and sensitive business data belonging to employees or clients.”