U.S. Wins One, Maybe Two, Extradition Petitions in Unrelated Cases – Source: securityboulevard.com

Source: securityboulevard.com – Author: Jeffrey Burt

U.S. prosecutors in recent days won an extradition case to bring a suspected cybercriminal from Spain to the United States and may be able to get another suspect shipped from the UK to face charges in an unrelated hacking case.

Artem Stryzhak, a Ukrainian citizen arrested in Spain last year for launching a series of ransomware attacks against organizations in the United States, Canada, and Australia that cost victims millions of dollars in ransom payments and damage to their systems, was extradited from Spain earlier this month to face a range of charges, according to the U.S. Justice Department.

Stryzhak is accused of using the Nefilim ransomware in the attacks, striking a deal in 2021 with administrators of the ransomware-as-a-service (RaaS) operation to use its malware in return for 20% of what he collected through ransom payments.

“He operated the ransomware through his account on the online Nefilim platform, known as the ‘panel,’” the DOJ wrote in announcing his extradition from Spain. “When he first obtained access to the panel, Stryzhak asked a co‑conspirator whether he should choose a different username from the one he used in other criminal activities in case the panel ‘gets hacked into by the feds.’”

Big Targets

Stryzhak and his unnamed co-conspirators targeted organizations that had more than $100 million in annual revenue, using online databases to get data about their targets like net worth, size, and contact information. In July 2021, a Nefilim administrator was encouraged to go bigger and attack companies with more than $200 million in yearly revenue, prosecutors said.

In keeping with Nefilim tactics, he would run double-extortion campaigns, not only encrypting victims’ data but also exfiltrating it and threatening to expose it on public leak sites if a ransom wasn’t paid.

In the partially redacted indictment against Stryzhak, prosecutors wrote that affiliates using the Nefilim ransomware “typically customized the ransomware executable file … for each ransomware victim. The customization allowed the ransomware actors to create a decryption key that could only decrypt the network of the specific victim against which the ransomware was deployed and allowed ransomware actors to create customized ransom notes.”

A Range of Victims

Victims who paid the ransom usually got a decryption key in return to restore their data, prosecutors wrote. Those victims included companies in such industries as engineering, aviation, chemicals, construction, and oil and gas. There was also an international eyewear firm and a pet care organization that were targeted in the attacks, they wrote.

“The criminals who carry out these malicious cyber-attacks often do so from abroad in the belief that American justice cannot reach them,” John Durham, U.S. attorney for the Eastern District of New York, said in a statement, adding that the extradition and charges filed against Stryzhak “prove that they are wrong.”

Stryzhak is charged with conspiracy to commit fraud, extortion, and other crimes.

Hacking-for-Hire Alleged

Earlier in the same week, an English judge reportedly cleared the path for the extradition of an Israeli private investigator accused by U.S. prosecutors of running an elaborate “hacking-for-hire” campaign against climate activists and environmental groups.

The DOJ has charged Amit Forlit with conspiracy to commit computer hacking, conspiracy to commit wire fraud, and wire fraud, alleging he was hired by a lobbyist group that represented oil-and-gas giant ExxonMobil, among other companies. The hacking campaign almost a decade ago was designed to discredit environmentalist organizations and leaders that were pursuing climate change lawsuits in the United States, claiming that fossil fuel companies for decades misled the public about the threats of a warming planet, such as more extreme storms and flooding due to rising ocean levels.

According to The New York Times, prosecutors are alleging that the 57-year-old Forlit – who ran two investigation companies in Israel and a third in the United States – hacked more than 100 victims and stole confidential information at the request of the lobbying and consulting firm, an effort that earned him at least $16 million.

Officials with ExxonMobil and the lobbying group, DCI Group, denied involvement in any hacking campaigns.

Big Oil vs. Climate Activists

Forlit was arrested in London months after an associate, Aviram Azari – another Israeli private detective – pleaded guilty to such charges as conspiracy and wire fraud. According to NPR, a DOJ affidavit filed in the extradition case outlined how the operation allegedly worked, with a D.C. lobbying firm telling Forlit which people and organizations to target and Forlit or a co-conspirator giving the list to Azari.

Forlit reportedly has two weeks to appeal the British court’s ruling.

Azari then allegedly hired the hackers who targeted the activists and firms, with the lobbying firm then allegedly sharing private documents obtained via the hacking with the oil company. The private documents would then find their way into media reports and were then used in court filings to push back against the lawsuits.

The Union of Concerned Scientists was among those targeted, as was the head of the Rockefeller Family Fund, the New York Times reported.

Original Post URL: https://securityboulevard.com/2025/05/u-s-wins-one-maybe-two-extradition-petitions-in-unrelated-cases/?utm_source=rss&utm_medium=rss&utm_campaign=u-s-wins-one-maybe-two-extradition-petitions-in-unrelated-cases

Category & Tags: Cloud Security, Cyberlaw, Cybersecurity, Data Security, Featured, Identity & Access, Industry Spotlight, Malware, Network Security, News, Security Awareness, Security Boulevard (Original), Social – Facebook, Social – LinkedIn, Social – X, Spotlight, environmental groups, Hacking, Nefilim, Ransomware