Operator of the proxy botnet Russian2015 pleaded guilty

The US Department of Justice reported that Estonian citizen Pavel Tsurkan pleaded guilty to the creation and use of the Russian2015 proxy botnet, which consists of hacked routers that proxied malicious traffic for other criminals.

According to the investigation, Tsurkan controlled his botnet through the website russian2015.ru. Presumably, in order to create the botnet, he hacked into more than 1000 routers, which were then used by his clients as proxy servers (for example, to send spam).
Tsurkan tampered with every compromised Internet router so that it could be used as a proxy, allowing him to pass third-party traffic through home routers without the awareness or consent of their owners.

Sometimes Tsurkan allowed dozens of his criminal clients to proxy traffic through one victim’s home router. For example, in the case of Victim 3, a hospital located in Alaska, Tsurkan configured the victim’s router so that it could proxy traffic from more than 70 different computers, the court documents say.

The compromised routers caused communication problems for the victims and significantly increased their Internet bills. Traffic grew to as much as 3-6 GB per day, and sometimes the victims received invoices for hundreds and even thousands of US dollars.

Let me remind you that Tsurkan was arrested in Estonia in 2019 and then extradited to the United States. After pleading guilty, he faces up to 10 years in prison. Last month, he also pleaded guilty in another case involving the Kelihos botnet and the use of the Crypt4U cryptor (which Kelihos used to hide payloads and evade detection). Moreover, Tsurkan also used Crypt4U.

The Kelihos botnet had been active since at least 2010 and was one of the largest in the world. It was taken down only in 2017, by which time its operators controlled more than 60,000 infected devices. Up to that point, the botnet was used both by its authors and by other criminals who rented it to send millions of spam messages per hour.

Sentencing in both cases is scheduled for this fall, while Tsurkan has been released on bail in the amount of US $200,000.

Let me remind you that we also reported that one of the WeLeakInfo operators was sentenced to two years in prison.

Daniel Zimmermann

Daniel Zimmermann has been writing on security and malware subjects for many years and has been working in the security industry for over 10 years. Daniel was educated at the Saarland University in Saarbrücken, Germany and currently lives in New York.
