Four individuals have pleaded guilty in the US to running a bulletproof hosting service used by the likes of Zeus, SpyEye, and Citadel Trojans and the Blackhole exploit operators to launch cyberattacks against US companies and financial organizations among other victims.
The US Department of Justice (DoJ) charged Russian nationals Aleksandr Grichishkin and Andrei Skvortsov, Lithuanian Aleksandr Skorodumov, and Estonian Pavel Stassi for operating a bulletproof hosting service between 2009 and 2015. Additionally, the above individuals have been charged with engaging in a Racketeer Influenced Corrupt Organization (RICO).
Bulletproof hosting is a hosting service that allows that its customers use their rented domains for illegal activities and hosting illegal content.
Such services allow copyright infringement, privacy is an added feature of such services, and cybercriminals are allowed to use its infrastructure to host malware, command-and-control (C2) servers, and content like malicious software or child pornography.
According to the DoJ, the group rented out servers and domains that were used in criminal campaigns including attacks against US companies and financial organizations.
“A key service provided by the defendants was helping their clients to evade detection by law enforcement and continue their crimes uninterrupted; the defendants did so by monitoring sites used to blocklist technical infrastructure used for crime, moving “flagged” content to new infrastructure, and registering all such infrastructure under false or stolen identities,” prosecutors said.
All four have pleaded guilty in the US District Court in the Eastern District of Michigan to one count of the RICO charge. Each of the charged individuals may face up to 20 years in prison. Sentencing in court has been slated for different dates between June and September.
The FBI investigated the case jointly with law enforcement agencies from Germany, Estonia, and the UK.
