Ukrainian indicted for running brute-force botnet, selling hacked PC accounts

The US Department of Justice announced today the extradition of a Ukrainian national from Poland on charges of selling access to compromised computer systems via a specialized marketplace on the dark web.

Glib Oleksandr Ivanov-Tolpintsev, 28, of Chernivtsi, Ukraine, stands accused of creating a botnet of compromised computers across the world.

According to court documents [PDF], for more than four years, the suspect operated this botnet in order to execute brute-force attacks that decrypted and guessed login credentials for computers across the world (believed to be RDP accounts).

US officials said that once Ivanov-Tolpintsev successfully validated the compromised credentials, they were put up for sale on 

All validated credentials were then sold on a dark web marketplace dedicated to the sale of compromised computer accounts. US officials said Ivanov-Tolpintsev sold the login credentials of at least 2,000 computers every week.

"Once sold on this website, credentials were used to facilitate a wide range of illegal activity, including tax fraud and ransomware attacks," DOJ officials said in a press release.

Ivanov-Tolpintsev ran his operation from May 2016 to October 2020, when he was arrested in a small Polish village named Korczowa, just 1km away from the Polish-Ukrainian border.

Authorities said the Ukrainian faces up to 17 years in prison if found guilty on all charges, which include conspiracy, trafficking in unauthorized access devices, and trafficking in computer passwords.

Get more insights with the
Recorded Future
Intelligence Cloud.
Learn more.
No previous article
No new articles

Catalin Cimpanu

Catalin Cimpanu is a cybersecurity reporter for The Record. He previously worked at ZDNet and Bleeping Computer, where he became a well-known name in the industry for his constant scoops on new vulnerabilities, cyberattacks, and law enforcement actions against hackers.