A 33-year-old citizen of Latvia who lives in Moscow, Russia, has been charged in the United States for allegedly stealing data, extorting victims and laundering money since August 2021.
Denis Zolotarov (aka Sforza_cesarini) was charged with conspiracy to launder money, fraud and extortion under the Hobbs Act. He was arrested in Georgia in December 2023 and was extradited to the United States this month.
“Zolotarov is a member of a known cybercriminal organization that attacks victims’ computer systems around the world,” the US Department of Justice said in a press release this week.
“Among other things, a Russian cybercriminal group steals victims’ data and threatens to release it if the victim doesn’t pay a ransom in cryptocurrency. The group maintains a leak and auction website that lists victim companies and offers stolen data for download.”
Zolotarov is believed to have been an active member of the cybercriminal group, interacting with other gang members and laundering the ransom received from the victims.
Although the Department of Justice did not name the cybercriminal syndicate, a complaint dated November 28, 2023, filed in U.S. District Court links the defendant to a data extortion group tracked as Karakurt, which arose as a breakaway group following the crackdown on Conti in 2022.
“Further analysis of Sforza’s messages (on Rocket.Chat) revealed that Sforza appears to have been responsible for conducting extortion negotiations with the Karakurts, as well as conducting open-source research to identify phone numbers, email addresses, or other accounts at which victims could be contacted and forced to either pay a ransom or re-enter a chat with a ransomware group,” the Federal Bureau of Investigation (FBI) said.
“Sforza also discussed efforts to recruit paid journalists to publish news articles about the victims to persuade the victims to take Karakurt’s extortion seriously.”
The FBI said in its complaint that it was able to link the online alias “Sforza_cesarini” to Denis Zolotarov by tracking bitcoin transfers made in September 2021 from a cryptocurrency wallet that was registered to an Apple iCloud account.
Law enforcement also said some of the illicit proceeds were laundered through multiple addresses before reaching a deposit address associated with Garantex, specifically a Bitcoin24.pro account with the same email address, prompting a search warrant to be issued to Apple in September 2023 to retrieve records associated with the email address.
From information released by the tech giant, the FBI said that the Rocket.Chat instant messaging ID “Sforza_cesarini” was “accessed by the same IP addresses at or around the same time, multiple times, as those used to access dennis.zolotarjov@icloud(.)com.”
Zolotarov is the first alleged member of the Karakurt group to be arrested and extradited to the United States, which could pave the way for the identification and prosecution of additional members in the future.
“Karakurt actors contacted the victims’ employees, business associates and customers with harassing emails and phone calls to coerce the victims into cooperating,” the US government said in a bulletin last year. “The emails contained examples of stolen data such as Social Security numbers, billing statements, private company emails, and confidential business data belonging to employees or customers.”