Russian Hacker Sentenced to Prison for Cyberattacks Conducted by TA551 Botnet

Russian National Sentenced to Prison for Managing Botnet Used in Ransomware Attacks

The U.S. Department of Justice (DoJ) has announced that a Russian national, Ilya Angelov, has been sentenced to two years in prison for his involvement in managing a botnet used to launch ransomware attacks against U.S. companies. Angelov, also known by online aliases “milan” and “okart,” was fined $100,000 for his role in co-managing the Russia-based cybercriminal group TA551 between 2017 and 2021.

According to the DoJ, Angelov’s group built a botnet by distributing malware-infected files through spam emails and monetized it by selling access to compromised computers. The group developed programs to distribute spam email, refined malware to evade security tools, recruited members, and oversaw various activities, including uploading malicious software through a backdoor to victims’ computers.

The primary objective of these attacks was to resell access to other criminal groups for ransomware extortion schemes. TA551 provided access to its botnet to the BitPaymer ransomware group, resulting in 72 U.S. corporations being infected and over $14.17 million in extortion payments between August 2018 and December 2019.

In late 2019 or early 2020, the operators of the IcedID malware paid Angelov’s group over a million dollars to acquire access to the botnet and distribute ransomware. This collaboration lasted until about August 2021, as reported by the U.S. Federal Bureau of Investigation (FBI).

A report by Mandiant revealed that TA551 used phishing emails containing password-protected archives to deploy malware, including a macro downloader named MOUSEISLAND and a secondary payload called PHOTOLOADER, which installed IcedID. The operators of the TrickBot trojan teamed up with TA551 to distribute Conti ransomware, and the Lockean ransomware gang used TA551’s distribution services following the takedown of the Emotet botnet.

U.S. Attorney Jerome F. Gorgon Jr. stated, “Foreign cybercriminals like this defendant target American citizens and corporations with sophisticated methods to rip-off and harm us.”

These developments come after another Russian national, Aleksei Olegovich Volkov, was sentenced to nearly 7 years in prison for acting as an initial access broker for Yanluowang ransomware attacks targeting U.S. companies.
