Security News > 2021 > September > Ukrainian extradited for selling 2,000 stolen logins per week
The US Department of Justice has indicted a Ukrainian man for using a malware botnet to brute force computer logon credentials and then selling them on a criminal remote access marketplace.
While Ivanov-Tolpintsev allegedly operated online under multiple aliases, the DOJ used subpoenaed emails from Google to identify his real identity and a Jabber address used to communicate with representatives of the Marketplace.
Some threat actors used the "Marketplace" dark web site to sell stolen remote access credentials while other bought them for future cyberattacks.
Through Jabber chats obtained from an investigation into the Marketplace, the FBI could chronicle Ivanov-Tolpintsev's attempts to become a seller on the dark web marketplace.
In chats dated May 23, 2017, Ivanov-Tolpintsev asked about the requirements to become a seller on the Marketplace," explained a previous complaint out of the District of Florida.
The DOJ states that Ivanov-Tolpintsev claimed to brute force 2,000 logins per week using his botnet, which was then listed on a dark web remote access marketplace known as the "Marketplace."