Article Details
Scrape Timestamp (UTC): 2024-05-28 18:33:21.930
Original Article Text
Russian indicted for selling access to US corporate networks
A 31-year-old Russian national named Evgeniy Doroshenko has been indicted for wire and computer fraud in the United States for allegedly acting as an "initial access broker" from February 2019 to May 2024.
An initial access broker (IAB) is a threat actor who breaches corporate networks and then sells that access to other threat actors, who commonly use the access to conduct data theft or ransomware attacks.
Doroshenko, allegedly known online by the aliases "FlankerWWH" and "Flanker," is accused of gaining unauthorized access to corporate networks and then offering to sell this access on Russian-language cybercrime forums.
"From February 2019 to May 2024, Doroshenko devised a scheme whereby he gained unlawful access to victim computer systems and sold this access to others for a profit through a Russian language cybercrime forum located on the dark web," reads the U.S. Department of Justice announcement.
The indictment mentions an incident from January 2024 when the FlankerWWH alias attempted to sell access to the network of a company in Bergen County, New Jersey. Using KELA's cyber-intelligence tools, BleepingComputer was able to locate what we believe may be the particular auction for this company, where the threat actor set the starting price at $3,000 with $500 increments, and a "flash sale" (buy now) figure at $6,000.
From the historical data of FlankerWWH's activity, the threat actor's preferred attack method was breaching networks by brute-forcing exposed Remote Desktop Protocol services. Moreover, the same user was spotted requesting help cracking NTLM hashes, which were likely obtained after breaching a network.
Using Flare's threat intelligence system, BleepingComputer found additional posts by the threat actor asking for help removing passwords from Excel spreadsheets and advice on contacting the developer of a keylogger.
In addition to all the above, the indictment also mentions a case where Doroshenko stole information from one of the systems he breached, valued at over $5,000.
The wire fraud charge carries a maximum sentence of 20 years in prison and a fine of $250,000, while the computer fraud charge is punishable by up to five years of imprisonment and a similar fine.
For now, though, the suspect hasn't been arrested, and given that he is based in Russia, it seems unlikely that he will ever be unless he leaves the country.
Daily Brief Summary
Evgeniy Doroshenko, a 31-year-old Russian national, has been indicted in the U.S. for wire and computer fraud over alleged activity from February 2019 to May 2024.
Doroshenko operated as an "initial access broker," infiltrating corporate networks and then selling access to these networks on Russian-language cybercrime forums.
He used the online aliases "FlankerWWH" and "Flanker" to carry out his operations, often utilizing brute-force attacks on Remote Desktop Protocol services.
One highlighted case involved offering access to a New Jersey company's network with bids starting at $3,000 and a "buy now" price of $6,000.
The indictment includes an instance where Doroshenko extracted data valued at over $5,000 from one of the compromised systems.
Wire fraud charges against Doroshenko carry a potential penalty of 20 years in prison and a $250,000 fine, while computer fraud could lead to five years in prison and similar fines.
Doroshenko remains at large, likely in Russia, raising doubts about the feasibility of his extradition and arrest.