Home » Cybersecurity » Malware » GozNym cyberattackers sentenced in Pittsburgh and Tbilisi, Georgia

GozNym cyberattackers sentenced in Pittsburgh and Tbilisi, Georgia

by Filip Truta on December 23, 2019

The U.S. Department of Justice has announced the sentencing of three members of the network behind the GozNym cyberattacks on U.S. entities resulting in the theft of $100 million.

Krasimir Nikolov, 47, of Varna, Bulgaria, was sentenced on December 16, 2019, in federal court in Pittsburgh to a period of time served. He already served more than three years in prison following his conviction on charges of criminal conspiracy, computer fraud, and bank fraud.

Nikolov’s role in the conspiracy was that of a “casher” or “account takeover specialist.”

“In that capacity, Nikolov used victims’ stolen online banking credentials captured by GozNym malware to access victims’ online bank accounts and attempt to steal victims’ money through electronic transfers into bank accounts controlled by fellow conspirators,” the DOJ said.

Sponsorships Available

Nikolov conspired with fellow gang members charged in a related Indictment announced in May 2019 in The Netherlands.

Alexander Konovolov, of Tbilisi, Georgia, was the primary organizer and leader of the GozNym network. He assembled the team of cybercriminals charged in the Indictment, in part through underground online criminal forums, according to the press release.

Marat Kazandjian, of Kazakhstan and Tbilisi, Georgia, was Konovolov’s primary assistant and technical administrator. Konovolov and Kazandjian were arrested and prosecuted in Georgia for their roles in the GozNym criminal network, in what the U.S. DOJ calls an unprecedented level of cooperation between the FBI, the U.S. Attorney’s Office and Europol.

Konovolov was sentenced to five years and Kazandjian to seven, the Georgia Prosecutor’s Office said in a press release.

The GozNym banking malware has been used aggressively against businesses and financial institutions in multiple regions.

GozNym operators would infect computers – likely through spam campaigns – and capture victims’ online banking login credentials. They then used the credentials to access victims’ online bank accounts. After stealing the cash, operators would launder those funds using U.S. and foreign beneficiary bank accounts controlled by the defendants. A botnet of over 40,000 computers was used to siphon a total $100 million from victims, the Europol said in May.