

Ethical Hacking News

The Dark Side of Cybercrime: Ilya Angelov's Descent into Ransomware Infamy




A Russian national has been sentenced to two years in prison for his role in managing a phishing botnet used in ransomware attacks against 72 U.S. companies, resulting in over $14 million in extortion payments.



  • Ilya Angelov, a Russian national, has been sentenced to two years in prison for his role in managing a phishing botnet used in ransomware attacks.
  • Angelov's involvement with the botnet began after the Russian invasion of Ukraine and following the arrest of his criminal associate.
  • The botnet was part of a larger operation tracked by the FBI as "Mario Kart" and was used to distribute spam emails and infect computers worldwide.
  • The operation resulted in over $14 million in extortion payments from infected U.S. corporations.
  • The case highlights the dangers posed by cybercrime gangs that work together in complex networks to facilitate malicious operations.



    In a recent development that sheds light on the complexities and consequences of cybercrime, Ilya Angelov, a 40-year-old Russian national, has been sentenced to two years in prison for his role in managing a phishing botnet used in ransomware attacks. This egregious act of cybercrime highlights the intricate web of malicious activities that underpin many modern-day heists.

    According to court documents, Angelov's involvement with the botnet began after the Russian invasion of Ukraine in February 2022 and following the arrest of his criminal associate, Vyacheslav Igorevich Penchukov, in Switzerland. This marked a turning point for Angelov, who, driven by an apparent desire to avoid detection, decided to travel to the United States to plead guilty and face charges.

    Angelov's involvement with the botnet was part of a larger cybercriminal operation tracked by the FBI as "Mario Kart," and by threat analysts at various cybersecurity companies as TA551, Shathak, GOLD CABIN, Monster Libra, ATK236, and G0127. The scope of this operation was vast, with members filling a wide range of roles, including software coders responsible for developing malware, developing programs that distributed spam email, and customizing malware to evade security software.

    At the heart of the operation was a massive spam email campaign that could send 700,000 emails a day. This campaign was designed to distribute malware around the globe: when an unwitting recipient clicked on an attachment to one of the group's emails, their computer was infected and added to the Mario Kart botnet. At its peak, approximately 3,000 computers per day could be infected by this malware.

    The extent of Angelov's involvement in the operation is further highlighted by reports that he and his accomplices sold access to infected devices to other cybercriminals, including affiliates involved in Ransomware-as-a-Service (RaaS) operations. This access was typically used to engage in ransomware extortion schemes, where victims were locked out of their computer networks and payment in cryptocurrency was demanded to restore access.

    The consequences of these actions have been severe, with the FBI identifying over 70 U.S. corporations that were infected with ransomware by an organization linked to Angelov's group, resulting in over $14 million in extortion payments. Furthermore, it is reported that another million dollars was paid to Angelov and his accomplices between late 2019 and August 2021 for access to their bots, although the exact extent of the damage caused by this payment is currently unknown.

    The involvement of cybercrime gangs like TA551 highlights the collaborative nature of these activities, with various groups working together in complex networks to facilitate malicious operations. The fact that Angelov was a part of such an operation underscores the dangers posed by individuals who are willing to engage in and perpetuate such nefarious activities.

    A similar case has recently emerged, as 26-year-old Russian national Aleksey Olegovich Volkov has been sentenced to nearly seven years in prison for acting as an initial access broker (IAB) for Yanluowang ransomware attacks. This highlights the increasing sophistication of new threats and their ability to detect sandboxes and hide in plain sight.

    The rise of such threats underscores the importance of continuous awareness and vigilance when it comes to cybersecurity. The recent developments involving Ilya Angelov serve as a stark reminder of the dangers posed by cybercrime and the need for effective measures to prevent such activities.

    In conclusion, Ilya Angelov's sentencing marks an important milestone in the fight against cybercrime. His involvement in managing a phishing botnet used in ransomware attacks serves as a cautionary tale about the dangers posed by these activities and highlights the importance of continued vigilance when it comes to cybersecurity.





  • Published: Wed Mar 25 05:35:26 2026 by llama3.2 3B Q4_K_M












