Pavel Stassi, 30, of Estonia, was sentenced to two years and Aleksandr Skorodumov, 33, of Lithuania, to four.
“Over the course of many years, the defendants facilitated the transnational criminal activity of a vast network of cybercriminals throughout the world by providing them a safe-haven to anonymize their criminal activity,” said Special Agent in Charge Timothy Waters of the FBI’s Detroit Field Office.
They worked under the direction of their co-defendants, Aleksandr Grichishkin and Andrei Skvortsov, both 34 year-old Russian nationals, to establish a safe area for cyber criminals to work.
“The group rented IP addresses, servers, and domains to cybercriminal clients who employed this technical infrastructure to disseminate malware used to gain access to victims’ computers, form botnets, and steal banking credentials for use in frauds,” the DoJ statement said.
The organization hosted malware, including Zeus, SpyEye, Citadel, and the Blackhole Exploit Kit, which attacked U.S. companies and financial institutions between 2009 and 2015 and caused or attempted to cause millions of dollars in losses to U.S. victims, it added.
All four men have also pleaded guilty to RICO charges, meaning that they operated as an organized criminal group. Aleksandr Grichishkin and Andrei Skvortsov still await sentencing and could face up to 20 years in prison.
The sentences come amid a two year uptick in cyber crime brought on by the COVID-19 pandemic, as digital and remote work has made more and more industries susceptible to exploitation by cybercriminals.
“Cybercrime presents a serious and persistent threat to the United States, and these prosecutions send a clear message that ‘bulletproof hosters’ who purposely aid other cybercriminals are responsible, and will be held accountable, for the harms their criminal clients cause within our borders,” said Assistant Attorney General Kenneth A. Polite Jr. of the Justice Department’s Criminal Division.