Numerous cybercrime groups, including REvil, Dharma, and Netwalker, have used NLBrute.
A 28-year-old Russian national, Dariy Pankov a/k/a “dpxaker.”, was arrested in the Republic of Georgia on October 4, 2022, and, upon request, extradited to the United States, where he appeared before Magistrate Christopher P. Tuite on 21st February 2023.
Pankov is charged with conspiracy, access device fraud, and computer fraud. The Department of Justice’s press release explains that Pankov was behind the creation of a brute force attack tool known as “NLBrute”.
A brute force attack uses trial-and-error to guess the login credentials of password-protected systems.
Pankov marketed, sold, and had others sell NLBrute, which was used by numerous cybercrime groups, including REvil, Dharma, and Netwalker. He also sold stolen credentials on dark web websites that specialize in the sale and purchase of access to compromised computers.
Cybercriminals purchased the login information and used it in various malicious campaigns, including tax fraud and ransomware attacks. Pankov obtained more than $350,000 in illicit sales.
Igor Litvak, Pakov’s attorney, told CNN that his client will plead not guilty and maintain his innocence. Pankov faces a maximum sentence of 47 years in federal prison if convicted on all counts. He is currently being held in the Pinellas County Jail outside of Tampa, where he was booked on Monday.