Related Content
Press Release
PITTSBURGH – A Bulgarian man has been indicted by a federal grand jury in Pittsburgh in connection with a sophisticated malware package known as GozNym, designed to steal banking credentials and other confidential personal information from infected computers, Acting United States Attorney Soo C. Song announced today.
The six-count indictment, returned on Oct. 4, 2016, and unsealed today, named Krasimir Nikolov, age 44, of Varna, Bulgaria, as the sole defendant. Count One charges Nikolov with criminal conspiracy; Count Two charges unauthorized access of a computer to obtain financial information; and Counts Three through Six charge bank fraud. The indictment alleges that Nikolov acquired victims’ stolen banking credentials through GozNym malware infections of victims’ computers to gain unauthorized access to victims’ online bank accounts from which electronic funds transfers were issued or attempted to be issued.
According to Acting U.S. Attorney Song, GozNym malware has been used to target private businesses and their respective financial institutions in the United States since late 2015. Victims receive phishing emails containing a hyperlink or an attachment designed to look like a legitimate business invoice. By clicking on the hyperlink or attachment, the victim’s computer becomes infected with GozNym malware. The malware steals the victim’s online banking login credentials which the criminals then use to access the victim’s bank account and issue unauthorized wire transfers.
Last week Acting U.S. Attorney Song and other members of the Justice Department announced a multi-national operation to dismantle a complex and sophisticated criminal network known as Avalanche which hosted more than two dozen of the world’s most pernicious types of malware, to include GozNym, and several money laundering campaigns. The prosecution of Krasimir Nikolov stems from the criminal investigation into the Avalanche network and the malware campaigns it hosted.
Among the numerous GozNym attacks that occurred throughout the United States, the indictment names the following:
Acting U.S. Attorney Song praised the diligence and quick action of the victims and their respective banks in discovering the fraudulent wire transfers and recalling the funds before they were lost.
Nikolov was arrested at his residence in Varna, Bulgaria, on September 8, 2016. He was extradited to the United States over the past weekend, and made his initial appearance in federal court in Western Pennsylvania today at 3:30 p.m.
The law provides for a maximum total sentence of up to 100 years in prison and a fine of $3,500,000. Under the Federal Sentencing Guidelines, the actual sentence imposed would be based upon the seriousness of the offense and the prior criminal history of the defendant.
Assistant United States Attorney Charles Eberle of the Western District of Pennsylvania and Senior Trial Attorney Richard D. Green of the Justice Department’s Computer Crimes and Intellectual Property Section are prosecuting this case on behalf of the government.
The Federal Bureau of Investigation conducted the investigation leading to the indictment in this case. The FBI was assisted by Bulgaria’s General Directorate for Combating Organized Crime. In addition to the Justice Department’s Computer Crimes and Intellectual Property Section’s involvement in the investigation, the Department’s Office of International Affairs provided significant assistance with the extradition process.
An indictment is an accusation. A defendant is presumed innocent unless and until proven guilty.