The US Department of Justice (DoJ) announced that 19 individuals involved in the management and use of the defunct cybercrime marketplace xDedic have been charged with lengthy prison sentences.
The list includes two xDedic administrators, Pavlo Kharmanskyi, a Ukrainian arrested while trying to enter the United States, and Alexandru Habasescu, a Moldovan national, arrested in the Spanish Canary Islands in 2022.
Kharmanskyi and Habasescu were sentenced to 30 and 41 months in prison, respectively.
Russian Dariy Pankov and Nigerian Allen Levinson were also among those charged.
The US government described Pankov as the developer of the NLBrute malware and as “one of the largest sellers on the Marketplace by volume, offering credentials for more than 35,000 compromised servers located around the world.” and obtaining over $350,000 in illicit proceeds.” .” He was sentenced to 60 months in federal prison.
Meanwhile, Levinson is “a prolific buyer in the marketplace who was interested in purchasing access to U.S.-based certified public accounting firms.” He was arrested in the United Kingdom in 2020 and extradited to the United States. Levinson was sentenced to 78 months in prison.
The rest of the list includes cybercriminals from Ukraine, Nigeria, the United Kingdom and several American nationals.
Among them, 11 were sentenced to sentences ranging from 5 years of probation to 78 months in prison. Five individuals are still awaiting sentence.
Two additional suspects could be extradited from the United Kingdom to the United States on charges of conspiracy to commit wire fraud and aggravated identity theft.
What is the xDedic Dark Web Marketplace?
The dark web marketplace xDedic was first discovered in 2016 when Kaspersky Lab was informed by a European Internet service provider (ISP).
The security vendor claimed the marketplace has been active since at least 2014 and provides a platform for commercial connections to up to 70,000 enterprise and government servers, starting at just $6 per connection.
In January 2019, the U.S. Attorney’s Office for the Middle District of Florida (Tampa Division) seized xDedic’s domain names and dismantled the website’s infrastructure, effectively shutting down its business.
The joint law enforcement also involved the FBI, Europol, Belgian and Ukrainian authorities, the National High-Tech Crime Unit of the Dutch National Police and the German Bundeskriminalamt.
In total, the DoJ estimates that xDedic offered more than 700,000 compromised servers for sale, including at least 150,000 in the United States.
Market victims are spread across the globe and across all industries, including local, state and federal government infrastructure, hospitals, 911 and emergency services, call centers, major metropolitan transportation authorities , accounting and legal firms, pension funds and universities.