Newly unsealed indictment charges Ukrainian national with international cybercrime operation

Oct. 25—AUSTIN — The Department of Justice announced on Tuesday that a newly unsealed federal grand jury indictment charges Mark Sokolovsky, 26, a Ukrainian national, for his alleged role in an international cybercrime operation known as Raccoon Infostealer, which infected millions of computers around the world with malware.

According to court documents, Sokolovsky, who is currently being held in the Netherlands pursuant to an extradition request by the United States, conspired to operate the Raccoon Infostealer as a malware-as-a-service or "MaaS." Individuals who deployed Raccoon Infostealer to steal data from victims leased access to the malware for approximately $200 per month, paid in cryptocurrency.

These individuals used various ruses, such as email phishing, to install the malware onto the computers of unsuspecting victims. Raccoon Infostealer then stole personal data from victim computers, including log-in credentials, financial information, and other personal records. Stolen information was used to commit financial crimes or was sold to others on cybercrime forums.

In March 2022, concurrent with Sokolovsky's arrest by Dutch authorities, the FBI and law enforcement partners in Italy and the Netherlands dismantled the digital infrastructure supporting the Raccoon Infostealer, taking its then-existing version offline.

Through various investigative steps, the FBI has collected data stolen from many computers that cyber criminals infected with Raccoon Infostealer. While an exact number has yet to be verified, FBI agents have identified more than 50 million unique credentials and forms of identification (email addresses, bank accounts, cryptocurrency addresses, credit card numbers, etc.) in the stolen data from what appears to be millions of potential victims around the world. The credentials appear to include over four million email addresses.

The United States does not believe it is in possession of all the data stolen by Raccoon Infostealer and continues to investigate. The FBI has created a website where anyone can input their email address to determine whether it is contained within the U.S. government's repository of Raccoon Infostealer stolen data. The website is raccoon.ic3.gov. If the email address is within the data, the FBI will send an email to that address notifying the user.

Potential victims are encouraged to fill out a detailed complaint and share any financial or other harm experienced from their information being stolen at FBI's Internet Crime Complaint Center (IC3) at ic3.gov/Home/FileComplaint.

"This case highlights the importance of the international cooperation that the Department of Justice and our partners use to dismantle modern cyber threats," Deputy Attorney General Lisa O. Monaco stated in the press release. "As reflected in the number of potential victims and global breadth of this attack, cyber threats do not respect borders, which makes international cooperation all the more critical. I urge anyone who thinks they could be a victim to follow the FBI's guidance on how to report your potential exposure."