Andrey Turchin, 37, is accused of orchestrating a worldwide hacking campaign
A Kazakhstan citizen has been charged in the US with multiple counts of computer fraud, wire fraud, and conspiracy to hack corporate networks in more than 40 countries.
Andrey Turchin, 37, known online as ‘fxmsp’, is accused of hacking into networks to plant backdoors, later selling access to these targets on cybercrime forums.
Turchin, together with an unnamed accomplice, targeted corporate entities, educational institutions, and government networks worldwide, the US Department of Justice alleges.
These actions resulted in a number of cyber-attacks and frauds, according to an indictment that was unsealed in the US Attorney’s Office in the Western District of Washington yesterday (July 7).
US prosecutors allege that Turchin and his accomplices established a hacking enterprise targeting hundreds of victims across six continents from October 2017 until December 2018.
The cybercrime group allegedly used a number of hacking techniques to gain access to victims’ networks and deploy malware.
In one instance, the US court claims they “used specially designed code to scan the internet and conduct brute-force attacks to initially compromise victim networks”.
The indictment reads: “Once inside the victim’s system, he moved laterally throughout the network and deployed additional malicious code to locate and steal administrative credentials and establish persistent access.
“The conspirators often modified antivirus software settings to allow malware to continue to run undetected.”
Law enforcement cooperation
US FBI investigators worked together with the UK’s National Crime Agency and the National Security Committee of the Republic of Kazakhstan to track down Turchin and his alleged co-conspirator, who has not been named.
“Cybercrime knows no international borders, and stopping these crimes requires cooperation between an array of international partners. I commend Kazakhstan for its assistance in this investigation,” said US attorney Brian Moran.
“I am hopeful these critical international partnerships between cybercrime investigators will lead to holding Andrey Turchin accountable in a court of law.”
Turchin is charged with one count of conspiracy to commit computer hacking, two counts of computer fraud and abuse (hacking), conspiracy to commit wire fraud, and access to device fraud.
All five counts total a possible 50-year prison sentence.
“The charges contained in the indictment are only allegations. A person is presumed innocent unless and until he or she is proven guilty beyond a reasonable doubt in a court of law,” the indictment adds.