Monday, February 17, 2025
HomeCyber CrimeTwo European Men Sentenced for Providing 'Bulletproof Hosting' to Hackers

Two European Men Sentenced for Providing ‘Bulletproof Hosting’ to Hackers

Published on

SIEM as a Service

Follow Us on Google News

Two European men were sentenced recently by a US court for giving Bulletproof Hosting services to the hackers, and all these blackhat services were used by the cybercriminals. These two European men are Estonian and Lithuanian natives, Pavel Stassi from Estonia, and Alexander Skorodumov from Lithuania. 

By exploiting these blackhat services hackers distribute the malware to organize attacks mainly on the companies and financial institutions that are organized in the United States.

According to the report, Stassi and Skorodumov both were members of an organization that provided “bulletproof hosting” services founded and run by two Russian citizens, Alexander Grichishkin and Andrey Skvortsov. 

Earlier, 30-year-old Pavel Stassi from Estonia and 33-year-old Alexander Skorodumov from Lithuania have already pleaded guilty. 

The hosting services they provided to hackers from 2009 to 2015 were in demand among the authors of malware targeting the financial institutions in the United States.

Here, the group leased the following things mentioned below:-

  • IP addresses
  • Servers
  • Domains 

All the above elements were used by the cybercriminals to spread malware like:-

  • Zeus
  • SpyEye
  • Citadel
  • Blackhole

In short, by using the above elements, malware, and malicious tools together they execute their attacks to hack the computers, generate botnets, and steal bank credentials.

Skorodumov, one of the leading admins of the hoster, set up and managed domains, IP addresses, and provided customers with support and advice on how they can optimize their malware and botnets.

While Stassi who mainly administered the marketing department has done several false advertisements and used stolen or fake information to register the hosting itself and even the organization’s financial accounts as well.

The defendants also helped their clients to avoid detection by law enforcement agencies by monitoring the blacklisting sites of technical infrastructure used to carry out cybercrime.

Apart from this, all these malware were used against American companies, and the attacks resulted in millions of dollars in losses. As a result, the former admins received 24 months (Stassi) and 48 months (Skorodumov) in prison.

Here, as a lead investigator, the FBI has played a key role and the FBI managed to do so with the help of law enforcement partners in the United Kingdom, Estonia, and Germany.

Looking for Best WAF Solutions for your web applications environment?? Register for Free WAF webinar & explore the experts thoughts and Choose the Best one.. Very limited seats available.. grab it here at .

Balaji
Balaji
BALAJI is an Ex-Security Researcher (Threat Research Labs) at Comodo Cybersecurity. Editor-in-Chief & Co-Founder - Cyber Security News & GBHackers On Security.

Latest articles

Android’s New Security Feature Prevents Sensitive Setting Changes During Calls

Phone scams are becoming more sophisticated with advancements in AI-driven speech tools, making it...

Hackers Exploit Microsoft Teams Invites to Gain Unauthorized Access

The Microsoft Threat Intelligence Center (MSTIC) has uncovered an ongoing and sophisticated phishing campaign...

Meta’s Bug Bounty Initiative Pays $2.3 Million to Security Researchers in 2024

Meta's commitment to cybersecurity took center stage in 2024 as the tech giant awarded...

Google Chrome Introduces AI to Block Malicious Websites and Downloads

Google has taken a significant step in enhancing internet safety by integrating artificial intelligence...

Supply Chain Attack Prevention

Free Webinar - Supply Chain Attack Prevention

Recent attacks like Polyfill[.]io show how compromised third-party components become backdoors for hackers. PCI DSS 4.0’s Requirement 6.4.3 mandates stricter browser script controls, while Requirement 12.8 focuses on securing third-party providers.

Join Vivekanand Gopalan (VP of Products – Indusface) and Phani Deepak Akella (VP of Marketing – Indusface) as they break down these compliance requirements and share strategies to protect your applications from supply chain attacks.

Discussion points

Meeting PCI DSS 4.0 mandates.
Blocking malicious components and unauthorized JavaScript execution.
PIdentifying attack surfaces from third-party dependencies.
Preventing man-in-the-browser attacks with proactive monitoring.

More like this

Palo Alto Firewall Flaw Exploited in RA World Ransomware Attacks

A recent ransomware attack leveraging a vulnerability in Palo Alto Networks' PAN-OS firewall software...

Salt Typhoon Hacked Nine U.S. Telecoms, Tactics and Techniques Revealed

Salt Typhoon, a state-sponsored Advanced Persistent Threat (APT) group linked to the People's Republic...

FlowerStorm PaaS Platform Attacking Microsoft Users With Fake Login Pages

Rockstar2FA is a PaaS kit that mimics the legitimate credential-request behavior of cloud/SaaS platforms....