Operator of the proxy botnet Russian2015 pleaded guilty

The US Department of Justice reported that Estonian citizen Pavel Tsurkan pleaded guilty to the creation and use of the Russian2015 proxy botnet, which consists of hacked routers that proxied malicious traffic for other criminals.

According to the investigation, Tsurkan controlled his botnet through the website Presumably, in order to create a botnet, he hacked into more than 1000 routers, which were then used by his clients as proxy servers (for example, to send spam).

Tsurcan interfered with every compromised Internet router so that it could be used as a proxy, allowing Turcan to pass third-party traffic through home routers without the awareness or consent of their owners.

Sometimes Tsurkan allowed dozens of his criminal clients to proxy traffic through one victim’s home router. For example, in the case of Victim 3, a hospital located in Alaska, Tsurkan configured the victim’s router so that it could proxy traffic from more than 70 different computers. the court documents say.

Compromising routers led to the fact that victims had communication problems, and they also had significantly increased Internet bills. Essentially, the traffic grew up to 3-6 GB per day, and sometimes the victims received invoices for hundreds and even thousands of US dollars.

Let me remind you that Tsurcan was arrested in Estonia in 2019 and then extradited to the United States. After pleading guilty, he faces up to 10 years in prison. Last month, he also pleaded guilty to another case involving the Kelihos botnet and the use of the Crypt4U cryptor (which Kelihos used to hide payloads and evade detection). Moreover, Turcan also used Crypt4U.

The Kelihos botnet has been active since at least 2010 and was one of the largest in the world. He was eliminated only in 2017, and then its operators controlled more than 60,000 infected devices. Up to this point, the botnet was used by both the authors themselves and other criminals who rented it to send millions of spam messages per hour.

Sentencing in both cases is scheduled for this fall, while Turcan has been released on bail in the amount of US $200,000.

Let me remind you that we also talked about the fact that One of WeLeakInfo operators sentenced to two years in prison.

User Review
0 (0 votes)
Comments Rating 0 (0 reviews)

Daniel Zimmermann

Daniel Zimmermann has been writing on security and malware subjects for many years and has been working in the security industry for over 10 years. Daniel was educated at the Saarland University in Saarbrücken, Germany and currently lives in New York.

Related Articles

Leave a Reply

Your email address will not be published. Required fields are marked *


This site uses Akismet to reduce spam. Learn how your comment data is processed.

Back to top button