Deniss Zolotarjovs, a 33-year-old Latvian hacker known by the alias Sforza_cesarini, has been extradited to the United States. Zolotarjovs, arrested in Georgia in December 2023, stands accused of playing a key role in the Karakurt cybercrime group.
The Karakurt cybercrime group, infamous for its sophisticated data extortion tactics, has been a major concern for global security agencies. The group’s activities, which date back to at least August 2021, involve stealing sensitive data from victims worldwide, demanding ransoms in cryptocurrency, and laundering the illicit proceeds.
The group maintains a data leak and auction website listing stolen data for download and auction, further exacerbating the threat posed by their operations.
Deniss Zolotarjovs and the Karakurt Cybercrime Group
According to the U.S. Department of Justice (DoJ), Zolotarjovs is charged with conspiring to commit money laundering, wire fraud, and Hobbs Act extortion. The indictment alleges that he was heavily involved in stealing data, extorting victims, and laundering ransom payments.
The Karakurt group’s modus operandi typically involves stealing data without encrypting the victim’s systems and then threatening to release or auction off the stolen information unless a ransom is paid. Ransoms demanded by the group have ranged from $25,000 to $13 million in Bitcoin, with deadlines often set within a week of contact.
Zolotarjovs’s arrest and extradition are significant milestones in the ongoing efforts to dismantle the Karakurt group’s operations. U.S. Attorney Kenneth L. Parker and FBI Special Agent in Charge Elena Iatarola praised the collaborative efforts of the FBI offices in Cleveland, San Diego, Richmond, and Salt Lake City, as well as Georgian authorities, for their roles in bringing Zolotarjovs to justice. The Justice Department’s Office of International Affairs played a crucial role in facilitating his extradition.
The Rise of Karakurt Cybercrime Group
The Karakurt cybercrime group’s activities were further detailed in a joint Cybersecurity Advisory (CSA) released in December 2023 by the FBI, Cybersecurity and Infrastructure Security Agency (CISA), Department of the Treasury, and Financial Crimes Enforcement Network (FinCEN).
This advisory outlined the group’s tactics, techniques, and procedures (TTPs), highlighting their use of harassing emails and phone calls to pressure victims into paying ransom. The advisory also noted that prior to January 2022, Karakurt operated a leaks and auction website, which has since moved to the dark web following the original site’s takedown.
The indictment of Zolotarjovs highlights the growing international collaboration in combating cybercrime and addressing the threats posed by sophisticated criminal organizations like Karakurt. While the charges against Zolotarjovs are serious, it is important to remember that an indictment is based on allegations and that the accused is presumed innocent until proven guilty in a court of law.