US indicts Russian accused of running major global cybercrime ring
A US federal indictment unsealed Thursday accused a Russian man of leading a global cybercrime ring that caused hundreds of millions of dollars in damage to victims around the world.
The crime group victimized people throughout the US and in various sectors of the economy, according to the indictment, from a dental office in Los Angeles to a music company in Tennessee.
In announcing the charges, the Justice Department said it was working to return to victims more than $24 million in cryptocurrency allegedly stolen by the Russian man and seized by the department.
It's the latest installment in a yearslong US law enforcement effort to make it more difficult for Russia-based criminals to extort and disrupt US critical infrastructure providers with ransomware attacks. On Wednesday, the Justice Department said it had seized the computer systems behind another prolific hacking tool whose mastermind is also allegedly based in Russia.
Russia and the US don't have an extradition treaty, and the Kremlin has been reluctant to pursue hackers on Russian soil as long as they don't attack Russian organizations, according to US officials.
The man indicted Thursday, Rustam Rafailevich Gallyamov, a 48-year-old based in Moscow, allegedly developed a piece of malicious software in 2008 that has been used to infect hundreds of thousands of computers in the US and globally. The malware, called Qakbot, was used in damaging ransomware attacks on health care agencies and government agencies worldwide, prosecutors have said.
Gallyamov often received a cut of the proceeds from ransomware attacks that other hackers carried out using Qakbot, according to the Justice Department. For the ransomware attack on the Tennessee music company, he received the equivalent of more than $300,000, the indictment says.
CNN has requested comment from the Russian Embassy in Washington, DC, on the charges.
The indictment provides a window into the resilient career path of an alleged cybercriminal. In 2023, the FBI and European law enforcement agencies dismantled a massive network of computers infected with Qakbot and seized millions of dollars belonging to the hackers.
Gallyamov responded to that bust by looking for other ways to make his malicious software available to cybercriminals conducting ransomware attacks, Akil Davis, assistant director in charge of the FBI's Los Angeles Field Office, said in a statement on Thursday. Gallyamov and associates allegedly started 'spam bombing' companies, or flooding their inboxes with subscription to newsletters, and then posing as IT support to offer to fix the problem, the indictment says.
The State Department in 2023 offered $10 million for information on people behind Qakbot. It's unclear if any confidential tips to the State Department led to Gallyamov's indictment. In some cases, federal prosecutors unseal an indictment when they aren't sure if a defendant will travel out of a country that doesn't have an extradition treaty with the US.
One of Gallyamov's primary customers was allegedly a ransomware gang known as Conti, which made at least $25 million from a flurry of attacks in a fourth-month span in 2021, according to crypto-tracking firm Elliptic. The ransomware gang used Gallyamov's hacking tool in attacks on a Wisconsin manufacturing firm and Nebraska tech company in the fall of 2021, according to the indictment.
The last mention of the Conti ransomware gang in the indictment is in late January 2022. A month later, Russia launched its full-scale invasion of Ukraine, and a Ukrainian leaked a trove of data on Conti in revenge for its support for the Russian government, forcing the criminal network to reconstitute. But Gallyamov allegedly moved on to other customers.
Hashtags
Try Our AI Features
Explore what Daily8 AI can do for you:
Comments
No comments yet...
Related Articles
Fox News
35 minutes ago
- Fox News
Former DC teacher arrested, charged with soliciting child pornography: DOJ
A former Washington, D.C., schoolteacher has been arrested by the FBI for allegedly soliciting child pornography from a minor, the Justice Department said Monday. Devonne Keith Brown, 56, who taught health at the IDEA Public Charter School, is accused of soliciting child sexual abuse materials from a young girl in Prince George's County, Maryland. "Those who prey on minors to solicit the production of CSAM are morally reprehensible and will be held accountable for their heinous crimes," said Steven Jensen, assistant director in charge of the FBI Washington Field Office. "The FBI remains committed to protecting our children and ridding our communities of this grievous scourge." Brown is charged with one count of receipt of child pornography and appeared in court Monday. He was detained by a judge pending a Thursday hearing. In addition to soliciting child porn, Brown also allegedly used CashApp to send payments to the minor, federal prosecutors said. "for snacks ? more photos otw," one comment states on a $15 CashApp request sent to Brown from a minor, according to court documents. The unidentified minor told investigators that she met a man named "Joseph" at a grocery store near her home. She said the man sent her money for ice cream via the app. After communicating with the man on social media, she sent him nude images of herself, authorities said. The man who went by "Joseph" also sent the minor images of nude women and asked her to recreate them for him, prosecutors said. Upon further investigation, authorities allege that they also found sexually graphic images and videos in emails sent to Brown by minors. In a statement to FOX 5 DC, the charter school said it was "deeply concerned" by the allegations against Brown. "This individual is no longer employed by the school," the school said. "The safety and well-being of our students is our highest priority. We are fully cooperating with law enforcement and supporting their ongoing investigation. Based on the information currently available to us, there is no indication that any IDEA student was directly involved." Fox News Digital has reached out to the school.
Yahoo
40 minutes ago
- Yahoo
Colorado Springs neighbor says Boulder terror attack suspect lived next door
Bradley Davis COLORADO SPRINGS, Colo. (KRDO) – A family in the Cimarron Hills area of Colorado Springs said they recognized the man arrested in Boulder for the attack on Israeli hostage protestors as their neighbor. A man reportedly set people on fire on Sunday, leaving multiple people hurt as people gathered for a demonstration in support of the Israeli hostages. The neighbors wanted their names to be anonymous, but the mother said a man living at the apartment complex investigated by the FBI Sunday night introduced himself to her as 'Mohamed' when they moved in two years ago. The FBI said their suspect in custody is a man named Mohamed Soliman. According to Stephen Miller, who is serving as White House deputy chief of staff for policy and homeland security advisor, the suspect was living in the country illegally on an overstayed visa. Miller said he was granted a tourist visa under the Biden Administration. 'This is scary. I'm going to be honest, this is scary,' the woman said. 'Especially the times that we live in. You see someone's car pull up, and you don't know who is who.' The mother's young daughter said she went next door to play with the man's children on a regular basis. She said she was going over to do the same Saturday, a day before the attack, when she said the whole family piled into their SUV in a rush, ignoring her as she walked over to their door. 'My mom asked me if they waved or not, and they didn't because the dad was driving, and he was rushing,' she said. 'You saw the dad driving on Saturday?' KRDO13's Bradley Davis asked. 'Yes.' 'Did he look like the picture of the man you saw who got arrested?' 'Yes.' She also said she saw the dad, introduced to them as Mohamed, walking out of the apartment with a large black bag and a yellow long-nosed lighter shortly before leaving. Both said they heard the FBI investigators when they came to their street on Sunday. The mother said the agents started further up the street and assumed it was about someone she didn't know until she heard them close in on their neighbor's home. 'You heard them yell out the address, and that's when we knew,' she said. The daughter said she heard a loud banging and believes it was the FBI agents entering the home. Both said they did not see any of the family members during the whole process. They said all the family's cars are gone from the street and driveway. The woman said the FBI did not contact them to ask about Mohamed or the family. She said they have eaten together, and they always seemed like a normal, neighborly family. The FBI said it was investigating the home in Cimarron Hills in connection with what the agency is calling a terror attack in Boulder. It has not been officially confirmed by law enforcement that it is the residence of their suspect, Mohamed Soliman. Law enforcement officials said there are now 8 victims in the attack, where Soliman allegedly used a makeshift flamethrower to burn the Israeli hostage protestors. Click here to follow the original article.
Yahoo
an hour ago
- Yahoo
Suspect in Boulder attack said he planned to kill all in group he called ‘Zionist'
BOULDER, Colorado — A man posing as a gardener to get close to a group in Boulder holding their weekly demonstration for the release of Israeli hostages in Gaza planned to kill them all with Molotov cocktails, authorities said Monday. But he had second thoughts and only threw two out of the 18 incendiary devices he had into the group of about 20 people, yelling 'Free Palestine' and accidentally burning himself, police said. Twelve people were injured in the Sunday attack. He had gas in a backpack sprayer but told investigators he didn't spray it on anyone but himself 'because he had planned on dying.' 'He said he had to do it, he should do it, and he would not forgive himself if he did not do it,' police wrote in an affidavit. He didn't carry out his full plan 'because he got scared and had never hurt anyone before.' Mohamad Sabry Soliman, 45, planned the attack for more than a year and specifically targeted what he described as a 'Zionist group,' authorities said in court papers charging him with a federal hate crime. The suspect's first name also was spelled Mohammed in some court documents. 'When he was interviewed about the attack, he said he wanted them all to die, he had no regrets and he would go back and do it again,' acting U.S. Attorney J. Bishop Grewell for the District of Colorado said during a press conference Monday. Federal and state prosecutors filed separate criminal cases against Soliman, charging him with a hate crime and attempted murder, respectively. He faces additional state charges related to the incendiary devices, and more charges are possible in federal court, where the Justice Department will seek a grand jury indictment. During a state court hearing Monday, Soliman appeared briefly via a video link from the Boulder County Jail wearing an orange jumpsuit. Another court hearing is set for Thursday. Soliman is being held on a $10 million, cash-only bond, prosecutors said. An FBI affidavit says Soliman confessed to the attack after being taken into custody Sunday and told the police he was driven by a desire 'to kill all Zionist people,' a reference to the movement to establish and protect a Jewish state in Israel. Soliman's attorney, public defender Kathryn Herold, declined to comment after the hearing. Soliman was living in the U.S. illegally after entering the country in August 2022 on a B2 visa that expired in February 2023, Department of Homeland Security Assistant Secretary Tricia McLaughlin said in a post on the social platform X. The burst of violence at the popular Pearl Street pedestrian mall in downtown Boulder unfolded against the backdrop of the Israel-Hamas war that continues to inflame global tensions and has contributed to a spike in antisemitic violence in the United States. The attack happened on the beginning of the Jewish holiday of Shavuot and barely a week after a man who also yelled 'Free Palestine' was charged with fatally shooting two Israeli embassy staffers outside the Capital Jewish Museum in Washington. The victims who were wounded range in age from 52 to 88, and the injuries spanned from serious to minor, officials said. All four of the latest victims had what police described as minor injuries. Six of the injured were taken to hospitals, and four have since been released, said Miri Kornfeld, a Denver-based organizer connected to the group. She said the clothing of one of those who remains hospitalized caught on fire. The volunteer group called Run For Their Lives was concluding their weekly demonstration when video from the scene shows a witness shouting, 'He's right there. He's throwing Molotov cocktails.' A police officer with his gun drawn advances on a bare-chested suspect who is holding containers in each hand. Witness Alex Osante of San Diego said he was across the pedestrian mall when he heard the crash of a bottle breaking and a 'boom' followed by people yelling and screaming. In video of the scene captured by Osante, people could be seen pouring water on a woman lying on the ground who Osante said had caught on fire during the attack. Soliman said he dressed up like gardener with an orange vest in order to get as close to the group as possible, police wrote. Osante said that after the suspect threw the two incendiary devices, apparently catching himself on fire as he threw the second, he took off his shirt and what appeared to be a bulletproof vest before the police arrived. The man dropped to the ground and was arrested without any apparent resistance in the video Osante filmed. District Attorney Michael Dougherty said 16 unused Molotov cocktails were recovered by law enforcement. The devices were made up of glass wine carafe bottles or jars with clear liquid and red rags hanging out of the them, the FBI said. Soliman told investigators he constructed the devices after doing research on YouTube and buying the ingredients. 'He stated that he had been planning the attack for a year and was waiting until after his daughter graduated to conduct the attack,' the affidavit says. Soliman also told investigators he took a concealed carry class and tried to buy a gun but was denied because he is not a legal U.S. citizen. Authorities said they believe Soliman acted alone. He was also injured and taken to a hospital. Authorities did not elaborate on the nature of his injuries, but a booking photo showed him with a large bandage over one ear. In video and photos shot right after the attack by a woman at the gathering, Soliman can be seen pacing without his shirt on with what appears to be burns down one of his arms. He and a small group of people around him are screaming at each other, with some witnesses filming him. Soliman, who was born in Egypt, moved to Colorado Springs three years ago, where he lived with his wife and five kids, according to state court documents. He previously spent 17 years living in Kuwait. McLaughlin said Soliman filed for asylum in September 2022 and was granted a work authorization in March 2023 that had expired. DHS did not immediately respond to requests for additional information. Shameka Pruiett knew Soliman and his wife as kindly neighbors with three young kids and two teenagers who'd play with Pruiett's kids. Another neighbor, Kierra Johnson, said she could often hear shouting at night from his apartment and once called police because of the screaming and yelling. On Sunday, Pruiett saw law enforcement vehicles waiting on the street throughout the day until the evening, when they spoke through a megaphone telling anyone in Soliman's home to come out. Nobody came out and it did not appear anyone was inside, said Pruiett.
