The U.S. Department of Justice has announced the sentencing
of three members of the network behind the GozNym cyberattacks on U.S. entities
resulting in the theft of $100 million.
Krasimir Nikolov, 47, of Varna, Bulgaria, was sentenced on
December 16, 2019, in federal court in Pittsburgh to a period of time served. He
already served more than three years in prison following his conviction on
charges of criminal conspiracy, computer fraud, and bank fraud.
Nikolov’s role in the conspiracy was that of a
“casher” or “account takeover specialist.”
“In that capacity, Nikolov used victims’ stolen online
banking credentials captured by GozNym malware to access victims’ online bank
accounts and attempt to steal victims’ money through electronic transfers into
bank accounts controlled by fellow conspirators,” the DOJ said.
Nikolov conspired with fellow gang members charged in a
related Indictment announced in May 2019 in The Netherlands.
Alexander Konovolov, of Tbilisi, Georgia, was the primary
organizer and leader of the GozNym network. He assembled the team of cybercriminals
charged in the Indictment, in part through underground online criminal forums,
according to the press release.
Marat Kazandjian, of Kazakhstan and Tbilisi, Georgia, was
Konovolov’s primary assistant and technical administrator. Konovolov and Kazandjian
were arrested and prosecuted in Georgia for their roles in the GozNym criminal
network, in what the U.S. DOJ calls an unprecedented level of cooperation
between the FBI, the U.S. Attorney’s Office and Europol.
Konovolov was sentenced to five years and Kazandjian to seven,
the Georgia Prosecutor’s Office said in a press release.
The GozNym banking malware has been used aggressively against
businesses and financial institutions in multiple regions.
GozNym operators would infect computers – likely through spam campaigns – and capture victims’ online banking login credentials. They then used the credentials to access victims’ online bank accounts. After stealing the cash, operators would launder those funds using U.S. and foreign beneficiary bank accounts controlled by the defendants. A botnet of over 40,000 computers was used to siphon a total $100 million from victims, the Europol said in May.