Latvian Cybersecurity Expert Extradited to U.S. for Involvement in Karakurt Cybercrime Organization
A thirty-three-year-old Latvian citizen residing in Moscow, Russia, has been indicted in the United States for purportedly pilfering information, blackmailing victims, and legitimizing ransom payouts since August 2021.
Deniss Zolotarjovs (also known as Sforza_cesarini) faces accusations of coordinating money laundering, wire fraud, and Hobbs Act extortion. He was apprehended in Georgia in December 2023 and subsequently transferred to the U.S. earlier this month.
“Zolotarjovs is a participant in a recognized cybercriminal faction that assaults the computer systems of targeted victims globally,” as reported by a recent press release from the U.S. Department of Justice (DoJ) stated.
“One of the activities performed by this Russian cybercrime syndicate is to pilfer victim data and hold it for ransom in cryptocurrency. This faction operates a leak and auction platform where they display victim organizations and present the stolen data for download.”
Zolotarjovs is suspected to have played an active role within the e-crime collective, interacting with other cohorts and cleaning the ransom payments obtained from victims.
Even though the DoJ did not disclose the name of the cybercrime syndicate, a complaint dated November 28, 2023, lodged in the U.S. District Court connects the defendant with a data extortion group identified as Karakurt, which surfaced as a separate entity following the suppression of Conti in 2022.
“Further examination of Sforza’s interactions [on Rocket.Chat] indicated Sforza seemed to be responsible for negotiating victim cold case extortions for Karakurt, as well as conducting research to identify contact information such as phone numbers, emails, or social media accounts through which victims could be approached and coerced into either meeting ransom demands or engaging with the ransomware squad,” declared the Federal Bureau of Investigation (FBI).
“Sforza also discussed strategies to hire journalists to publish news stories about victims in a bid to compel them to take Karakurt’s extortion demands seriously.”
As stated in their formal complaint, the FBI was able to connect the online pseudonym “Sforza_cesarini” to Deniss Zolotarjovs by tracing Bitcoin transactions executed in…
According to information provided by the tech powerhouse, the FBI revealed that the Rocket.Chat instant messaging account ID “Sforza_cesarini” was “accessed from the same IP addresses at approximately identical times, on multiple occasions, as the ones used to log into dennis.zolotarjov@icloud[.]com.”
Zolotarjovs represents the initial alleged member of Karakurt to be detained and transferred to the U.S., a triumph that may lay the groundwork for the exposure and prosecution of additional members in the future.
“Karakurt operators have been reaching out to employees, business associates, and customers of victims through harassing emails and phone calls to coerce the victims into compliance,” the U.S. government announced in a statement last year. “The emails have contained instances of purloined information, such as social security numbers, financial accounts, private company emails, and confidential corporate data regarding employees or clients.”
About Author
