The FBI has arrested a Russian national who recently traveled to the United States and offered $1 million in bribe to an employee of a targeted company for his help in installing malware into the company's computer network manually.
Egor Igorevich Kriuchkov, 27-year-old, entered the United States as a tourist and was arrested in Los Angeles after meeting with the unnamed employee of an undisclosed Nevada-based company numerous times, between August 1 to August 21, to discuss the conspiracy.
"On or about July 16, EGOR IGOREVICH KRIUCHKOV used his WhatsApp account to contact the employee of victim company and arranged to visit in person in the District of Nevada," the court documents say.
"On or about July 28, EGOR IGOREVICH KRIUCHKOV entered the United States using his Russian Passport and a B1/B2 tourist visa."
Kriuchkov also asked the employee to participate in developing tailored malware by sharing information about the company's infrastructure.
According to court documents released by the US Justice Department, the malicious software Kriuchkov asked to install aims to extract data from the company's network, allowing attackers to threaten it later to make the information public unless it pays a ransom.
Kriuchkov and his co-conspirators in Russia promised the employee to pay $1 million in Bitcoins after successfully planting the said malware and offered to launch a DDoS attack on the company's network to divert attention from the malware.
"If CHS1 [employee] agreed to this arrangement, the group would provide the malware to CHS1 [employee] in either a thumb drive to be inserted into a computer's USB drive or an email with an attachment containing malware."
🔐 Mastering API Security: Understanding Your True Attack Surface
Discover the untapped vulnerabilities in your API ecosystem and take proactive steps towards ironclad security. Join our insightful webinar!Join the Session
"The unidentified co-conspirator discussed various means by which to pay the employee, including payments using cryptocurrency, a guarantor security deposit, or cash."
"After being contacted by the FBI, Kriuchkov drove overnight from Reno, Nevada, to Los Angeles. Kriuchkov asked an acquaintance to purchase an airline ticket for him in an attempt to fly out of the country," the United States agencies say.
After getting arrested by the FBI, who was conducting physical surveillance of Kriuchkov and his meetings, he listed prior companies the gang had targeted and also revealed that each of these targeted companies had a person working at those companies who installed malware on behalf of the gang.
To be noted, it's quite possible that a few high-profile ransomware and data breach attacks might have been executing in the same way by conspiring with the insiders.
Kriuchkov has been charged with one count of conspiracy to cause damage to a protected computer intentionally.