A Russian malware developer accused of creating and selling the NLBrute password-cracking tool was extradited to the United States after being arrested in the Republic of Georgia last year on October 4.
Also known as dpxaker, Dariy Pankov is now charged with access device fraud and computer fraud and faces a maximum sentence of 47 years in federal prison if convicted on all counts.
“The powerful malware was capable of compromising protected computers by decrypting login credentials, such as passwords,” the Justice Department said in a press release on Wednesday.
“Pankov used NLBrute to obtain the login credentials of tens of thousands of computers located all over the world. He marketed, sold, and had others sell on his behalf, NLBrute to other cybercriminals for a fee.”
The suspect also sold credentials he stole from his victims on a dark web marketplace where cybercriminals were selling access to compromised devices and networks.
Those who bought the stolen login information used it in various malicious campaigns, ranging from tax fraud and ransomware attacks.
At least $350,000 obtained from selling stolen credentials
The investigators could trace $358,437 withdrawn by Pankov from the illegal marketplace between August 2016 and January 2019, obtained from selling access to hacked computers.
According to the indictment, among the tens of thousands of stolen credentials he put for sale, the defendant also sold the login information of a law firm in the Middle District of Florida to an undercover law-enforcement officer for $19.25 on June 15, 2018.
NLBrute was also used by threat actors linked to multiple Ransomware-as-a-Service (RaaS) operations, including REvil, Dharma, and Netwalker, to brute force their way into victims’ Remote Desktop Protocol (RDP) servers and further compromise their networks.
Last week, the Justice Department announced that Russian national Vladislav Klyushin was convicted of his involvement in a hacking scheme that led to $90 million in illegal profits via securities trades based on non-public info stolen from U.S. networks.
In January, the Russian founder of the Hong Kong-registered cryptocurrency exchange Bitzlato was also arrested and charged with helping cybercriminals launder illegally obtained money.