Latvian hacker extradited to US for ties to Karakurt cybercrime group

Deniss Zolotarjovs, a 33-year-old Latvian national, has been extradited to the United States to face charges related to his alleged involvement in the Karakurt cybercrime group.

Zolotarjovs, also known by the online alias "Sforza_cesarini," is accused of stealing data, extorting victims, and laundering ransom payments since August 2021.

The U.S. Department of Justice (DoJ) announced that Zolotarjovs was arrested in Georgia in December 2023 and recently extradited to the U.S. to face charges including conspiracy to commit money laundering, wire fraud, and Hobbs Act extortion.

The DoJ stated that Zolotarjovs is a member of a cybercriminal organisation that targets computer systems globally, stealing data and demanding ransom payments in cryptocurrency to prevent the release of the stolen information.

The Karakurt group, with which Zolotarjovs is allegedly associated, maintains a website that lists victim companies and offers stolen data for download or auction.

The U.S. Federal Bureau of Investigation (FBI) linked Zolotarjovs to the Karakurt group through communications on Rocket.Chat, where he reportedly negotiated with victims and conducted research to identify contact information to pressure victims into paying ransoms.

The FBI traced Bitcoin transfers from a cryptocurrency wallet registered to an Apple iCloud account, which further connected Zolotarjovs to the alias "Sforza_cesarini" and the illegal activities of the Karakurt group.

The investigation revealed that some of the illicit proceeds were laundered through multiple addresses before being deposited into a Garantex account, associated with the same email address linked to Zolotarjovs.

This case marks the first time an alleged member of the Karakurt cybercrime group has been arrested and extradited to the U.S., potentially leading to the identification and prosecution of additional members.

The U.S. government previously issued a bulletin highlighting the aggressive tactics used by Karakurt actors, including harassing victims' employees, business partners, and clients with emails and phone calls that contained examples of stolen data to coerce payment.