US judge sentences duo for roles in running bulletproof hosting service

A US judge has sentenced two Eastern European men for operating a bulletproof hosting service leveraged by cybercriminals to deploy malware.

On Wednesday, the US Department of Justice (DoJ) said that Pavel Stassi and Aleksandr Skorodumov, of Estonia and Lithuania, have now been jailed for 24 months and 48 months, respectively. 

The 30 and 33-year-old duo were accused of providing online hosting services that are known as bulletproof — a popular option for cybercriminals who need a host that will turn a blind eye to criminal activity. 

Bulletproof hosting providers, often found on the Dark Web, may host malware, explicit abuse material, or e-commerce platforms offering illegal wares such as criminal hacking tools, drugs, and weaponry. 

In this case, the bulletproof host was used to store malware payloads including Zeus, SpyEye, Citadel, and the Blackhole exploit kit. 

The DoJ says that between 2009 and 2015, Stassi and Skorodumov, together with co-defendants Aleksandr Grichishkin and Andrei Skvortsov from Russia, rented servers and domains to threat actors. 

The infrastructure was used to host malware utilized in campaigns against financial institutions and other victims, leading to the theft and attempted theft of “millions of dollars” in the United States alone. In addition, the bulletproof

Read More: