Ukrainian indicted for running brute-force botnet, selling hacked PC accounts

The US Department of Justice announced today the extradition of a Ukrainian national from Poland on charges of selling access to compromised computer systems via a specialized marketplace on the dark web.

Glib Oleksandr Ivanov-Tolpintsev, 28, of Chernivtsi, Ukraine, stands accused of creating a botnet of compromised computers across the world.

According to court documents [PDF], for more than four years, the suspect operated this botnet in order to execute brute-force attacks that decrypted and guessed login credentials for computers across the world (believed to be RDP accounts).

US officials said that once Ivanov-Tolpintsev successfully validated the compromised credentials, they were put up for sale on 

All validated credentials were then sold on a dark web marketplace dedicated to the sale of compromised computer accounts. US officials said Ivanov-Tolpintsev sold the login credentials of at least 2,000 computers every week.

“Once sold on this website, credentials were used to facilitate a wide range of illegal activity, including tax fraud and ransomware attacks,” DOJ officials said in a press release.

Ivanov-Tolpintsev ran his operation from May 2016 to October 2020, when he was arrested in a small Polish village named Korczowa, just 1km away from the Polish-Ukrainian border.

Authorities said the Ukrainian faces up to 17 years in prison if found guilty on all charges, which include conspiracy, trafficking in unauthorized access devices, and trafficking in computer passwords.

Catalin Cimpanu

Catalin Cimpanu is a cybersecurity reporter for The Record. He previously worked at ZDNet and Bleeping Computer, where he became a well-known name in the industry for his constant scoops on new vulnerabilities, cyberattacks, and law enforcement actions against hackers.

Recent Posts

Ransomware gangs are abusing a zero-day in EntroLink VPN appliances

Multiple ransomware gangs have weaponized and are abusing a zero-day in EntroLink VPN appliances after…

2 hours ago

Air War College professor pleads guilty to hiding contacts with Chinese official

A civilian professor at the Air War College on Maxwell Air Force Base in Montgomery,…

2 hours ago

Hackers use SQL injection bug in BillQuick billing app to deploy ransomware

At least one hacking group is exploiting a security flaw in a popular billing software…

5 hours ago

Microsoft says Russia hacked at least 14 IT service providers this year

Microsoft said on Monday that a Russian state-sponsored hacking group known as Nobelium had attacked…

5 hours ago

Decrypter announced for past BlackMatter ransomware victims

Antivirus maker and cybersecurity firm Emsisoft announced today the availability of a free decryption utility…

1 day ago

Malware found in npm package with millions of weekly downloads

A massively popular JavaScript library (npm package) was hacked today and modified with malicious code…

3 days ago