Moldovan charged for operating botnet used to push ransomware
The U.S. Justice Department charged Moldovan national Alexander Lefterov, the owner and operator of a large-scale botnet that infected thousands of computers across the United States.

Also known as Alipako, Uptime, and Alipatime, the 37-year-old man from Chisinau was indicted in December 2021 for aggravated identity theft, computer fraud, and conspiracy to commit wire fraud.

The nine-count indictment, unsealed on Tuesday, reveals that Lefterov and his henchmen used malware to steal credentials from the infected devices.

With the help of the harvested login information, they also stole the victims' money by accessing their accounts on financial, payment processing, and retail platforms.

Infected computers could also be accessed directly using a hidden virtual network computing (hVNC) server without the owners' knowledge.

Direct access via the hVNC server allowed Lefterov and the conspirators to connect to their victims' online accounts using web browsers on the infected devices, which the accessed online platforms would recognize as a trusted connection.

[Image: Alexander Lefterov wanted poster (FBI)]

Botnet provided ransomware gangs access to victims' networks

The conspirators also provided other cybercriminals access to the botnet via the same hVNC server, allowing them to breach and deploy malware on victims' networks.

"To further monetize the scheme, Lefterov allegedly leased the botnet to other co-conspirators by providing them access to infected computers as well as to the victims' stolen credentials," according to the Justice Department.

"Lefterov and his co-conspirators also provided access to the botnet for the purpose of distributing malware, including ransomware, to infected computers within the botnet."

Lefterov allegedly received a percentage of the profits from the unnamed botnet he owned and operated.

The penalties for computer fraud, unauthorized access to a protected computer, wire fraud, intentional damage to a protected computer, and aggravated identity theft charges vary from 2 to 10 years in prison, depending on the offense.

However, the final sentence will depend on the severity of the crimes and the defendant's criminal history, if any.

"Protecting Americans in cyber space is a top priority, and we will aggressively pursue anyone, no matter if they're on U.S. soil or overseas, who believes our population is an easy target," said FBI Special Agent Kevin Rojek.

"The FBI and our partners will continue investigating the sources behind malware intrusions and the hijacking of machines for malicious attacks against Americans online."