34-year-old Russian Aleksandr Grichishkin, the founder of a bulletproof hosting service, was sentenced to 60 months in prison for allowing cybercrime gangs to use the platform in attacks targeting US financial institutions between 2008 to 2015.
Grichishkin, who was also the organization’s leader, provided multiple cybercrime operations with the infrastructure (IP addresses, servers, and domains) needed to distribute malware, host phishing kits, breach targets’ networks, build botnets, and steal banking credentials.
According to the sentencing memorandum, malware hosted on the organization’s bulletproof hosting platform—including Zeus, SpyEye, Citadel, and the Blackhole Exploit Kit—was used in attacks against U.S. organizations and caused millions of dollars in losses.
As revealed in court documents, the US Federal Deposit Insurance Corporation (FDIC) estimated that just SpyEye and Zeus attacks caused roughly $64 million in damages to banks and their corporate clients in a single year, based on incidents in 2011.
He also aided cybercrime clients to register new infrastructure using false or stolen identities to circumvent law enforcement efforts to block their attacks.