“Satori” IoT Botnet Operator Arrested in 2018 and Now Pleads Guilty in Washington
Last updated September 28, 2021
Oleg Koshkin, 41, a Russian national, has been convicted of charges relating to the “Kelihos” botnet, which operated under his control, along with the websites “Crypt4U.com” and “fud.bz”. Koshkin offered crypting services for other malware authors and operators, remote-access trojans, keyloggers, credentials stealers, and cryptojackers. Covering such a wide range of malicious operations, the defendant supported a large number of cybercriminals, and by extension, a significant scale of damage to victims.
Koshkin was arrested in 2019 in California, two years after his co-conspirator Peter Laveshov, who was also linked with “Kelihos,” was arrested in Spain. Laveshov was extradited to the United States, where he pleaded guilty to several counts, including international damage to protected computers, conspiracy, wire fraud, and aggravated identity theft. Obviously, the subsequent interrogation soon led to Koshkin, but more associates belonging to the same circle are still out there.
Koshkin was specialized in the crypting aspect of the Kelihos operation, whereas Levashov was focused on the distribution through multiple criminal affiliates. The botnet was used in high-volume spamming campaigns, account credentials harvesting, carrying out denial of service attacks, and even ransomware distribution. At the time of its dismantling, Kelihos counted 50,000 infected computers around the world, which was a very significant number.
The defendant offered the aforementioned services knowingly, helping malicious actors bypass anti-virus software and other protective measures, while the criminal aspect of the Crypt4U service was never concealed. As such, there was no way for Koshkin to avoid the conviction through ambiguous claims.
Acting Assistant Attorney General Nicholas L. McQuaid of the Justice Department's Criminal Division stated the following:
The defendant is now facing up to 15 years of imprisonment, which is to be decided on September 20, 2021, which is the scheduled trial date. On that day, Pavel Tsurkan, another person linked with the Kelihos botnet, is also to hear his sentence for aiding and abetting Levashov.