A Hacker Who Used SQL Injection Gets 69 Months In Prison

Read also: Germany disrupts the BadBox malware operation, Raccoon malware operator sentenced, and more.


Thursday, December 19, 2024

A hacker who used SQL injection to steal credit card data gets 69 months in prison

Vitalii Antonenko, a Ukrainian national, was sentenced to 69 months and 18 days in a US prison for his role in a sophisticated hacking and money laundering scheme. Following his time served, Antonenko will face three years of supervised release and must pay approximately $1.8 million in restitution.

Antonenko pleaded guilty in September 2024 to one count of conspiracy to gain unauthorized access to computer networks and traffic in unauthorized access devices, as well as one count of conspiracy to commit money laundering. When he was arrested in March 2019, Antonenko was carrying computers and digital media containing hundreds of thousands of stolen payment card numbers.

According to court documents, Antonenko and his co-conspirators exploited security vulnerabilities in computer networks using a hacking technique known as an “SQL injection attack.” This allowed them to gain unauthorized access to databases containing payment card data, such as account numbers, expiration dates, and card verification values, as well as other personally identifiable information (PII).

The stolen data was sold on online criminal marketplaces. Antonenko and his associates laundered the proceeds using a combination of Bitcoin, bank transfers, and cash transactions to obscure the funds' origins and destinations.

The US dismantles the cybercrime market Rydox

US authorities took down Rydox, an illicit online marketplace known for selling stolen personal information, access devices, and tools used for cybercrime and fraud. Three administrators of the site, all Kosovo nationals, were arrested in coordinated operations involving US and international law enforcement.

Ardit Kutleshi, 26, and Jetmir Kutleshi, 28, were apprehended in Kosovo by local law enforcement acting on a US extradition request. The two suspects are currently awaiting extradition to the United States, where they face charges. A third administrator, Shpend Sokoli, was arrested in Albania by the country’s Special Anti-Corruption Body (SPAK) and is expected to be prosecuted in Albania for his involvement in Rydox’s operations.

According to the indictment, the Rydox marketplace facilitated over 7,600 sales of personally identifiable information (PII), stolen access devices, and cybercrime tools since its launch in February 2016, generating at least $230,000 in revenue. The platform served over 18,000 users and listed at least 320,000 cybercrime-related products.

As part of the operation, the US seized the domain www[.]Rydox[.]cc, which hosted the marketplace. The FBI, in collaboration with the Royal Malaysian Police, also seized servers in Kuala Lumpur that hosted the website. Additionally, around $225,000 in cryptocurrency linked to accounts controlled by the defendants was seized.

Germany disrupts BadBox malware operation, impacting 30,000 Android devices

Germany's Federal Office for Information Security (BSI) has disrupted the BadBox malware operation, which was found pre-installed on over 30,000 Android-based IoT devices sold in Germany.

Typically, BadBox comes embedded in a device's firmware. Once the infected device connects to the internet, the malware contacts a remote command-and-control (C2) server operated by threat actors.

First spotted in October 2023, the BadBox malware spread through malicious Android and iOS apps and Android TV streaming box firmware, creating a botnet of over 280,000 devices globally. The botnet’s operations have been linked to China.

To disrupt the operation, BSI performed DNS sinkholing, a technique that reroutes the malware's communication to servers controlled by authorities instead of the attackers' C2 servers. The sinkholing action blocks the malware from receiving commands or transmitting stolen data.
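As an added illustration of the mechanism just described (example code, not BSI's tooling; every domain and address below is a constructed placeholder, not a real BadBox indicator), the resolver answers known C2 names with an authority-controlled address, so the malware never reaches its operators, and the queries it does make reveal which clients are infected:

```python
from collections import defaultdict

# Constructed placeholders: names the authorities have decided to sinkhole.
SINKHOLE_DOMAINS = {"c2-example-1.invalid", "c2-example-2.invalid"}
# TEST-NET-1 address standing in for the authority-run sinkhole server.
SINKHOLE_IP = "192.0.2.10"
# Constructed stand-in for normal upstream recursive resolution.
UPSTREAM = {"update.example.com": "198.51.100.5"}


class SinkholeResolver:
    """Minimal resolver that reroutes C2 lookups and records who asked."""

    def __init__(self, sinkhole_domains, sinkhole_ip, upstream):
        self.sinkhole_domains = {d.lower() for d in sinkhole_domains}
        self.sinkhole_ip = sinkhole_ip
        self.upstream = upstream
        self.hits = defaultdict(int)  # client_ip -> sinkholed query count

    def _is_sinkholed(self, name):
        # Match the domain itself and any subdomain (malware often rotates
        # host labels under a fixed C2 apex).
        return any(name == d or name.endswith("." + d)
                   for d in self.sinkhole_domains)

    def resolve(self, qname, client_ip):
        """Return the answer address, or None to signal NXDOMAIN."""
        name = qname.rstrip(".").lower()  # normalise FQDN form and case
        if self._is_sinkholed(name):
            self.hits[client_ip] += 1     # evidence of an infected client
            return self.sinkhole_ip
        return self.upstream.get(name)

    def infected_clients(self):
        """Clients that tried to contact a sinkholed C2 name, sorted."""
        return sorted(self.hits)


def beacon_reaches_c2(resolver, c2_name, client_ip):
    """Simulate the malware's first contact: True only if the name
    resolves to something other than the sinkhole."""
    answer = resolver.resolve(c2_name, client_ip)
    return answer is not None and answer != resolver.sinkhole_ip


if __name__ == "__main__":
    r = SinkholeResolver(SINKHOLE_DOMAINS, SINKHOLE_IP, UPSTREAM)
    print(beacon_reaches_c2(r, "api.c2-example-2.invalid", "10.0.0.8"))
    print(r.infected_clients())
```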


Raccoon MaaS operator sentenced to 60 months in US prison

Mark Sokolovsky, the operator of the Raccoon Infostealer malware-as-a-service operation, has been sentenced in the US to 60 months in prison. Earlier this year, Sokolovsky pleaded guilty to conspiracy to commit computer intrusion.

According to court documents, Sokolovsky was a key player in the Raccoon Infostealer operation, offering the malware to criminals worldwide on a subscription basis for about $200 per month. The malware was used by cybercriminals to conduct data theft attacks, with the stolen information (ranging from login credentials and financial details to personal records) being used for financial crimes or sold on underground cybercrime forums.

In March 2022, Dutch authorities arrested Sokolovsky while the FBI, along with Italian and Dutch law enforcement, dismantled the infrastructure supporting Raccoon Infostealer.

Sokolovsky was extradited to the United States in February 2024 to face charges, including fraud, money laundering, and aggravated identity theft.

As part of his plea agreement in October, Sokolovsky agreed to forfeit $23,975 and pay restitution totaling at least $910,000 to his victims.

Almost 800 arrested in a crackdown on cybercrime and cryptocurrency investment fraud

Nigeria’s Economic and Financial Crimes Commission (EFCC) has dismantled an international cybercrime and cryptocurrency investment fraud syndicate operating from Lagos. The operation has resulted in the arrest of 792 suspects, including 193 foreign nationals from China, the Philippines, Pakistan, Indonesia, and Kazakhstan, along with Nigerian accomplices.

The syndicate orchestrated sophisticated romance scams and fraudulent cryptocurrency investment schemes targeting victims in the United States, Canada, Mexico, and Europe. The operation involved a fake online platform, requiring activation fees starting at $35.

The building, disguised as a legitimate corporate office, served as a training hub where Nigerian recruits were taught to impersonate foreign women, engage in romantic conversations, and lure victims into investing in the fake cryptocurrency schemes. The EFCC recovered high-end desktop computers, over 500 SIM cards linked to Nigerian telecom networks, mobile devices, laptops, and vehicles during the raid.

Nigerian recruits were selected based on computer skills and underwent a two-week training program. They initiated contact with victims via platforms like WhatsApp, Instagram, and Telegram, handing over the defrauding process to foreign handlers. Payments to recruits were made in cash or through personal accounts, authorities said.
