{ "id": "df34130d-9436-488b-89c3-00ad66314fb5", "created_at": "2026-04-06T00:12:10.677781Z", "updated_at": "2026-04-10T03:36:19.139785Z", "deleted_at": null, "sha1_hash": "924c4eaedc95a3213a82044d8c46c2fa4c4e801d", "title": "Malware Author Pleads Guilty for Role in Transnational Cybercrime Organization Responsible for more than $568 Million in Losses", "llm_title": "", "authors": "", "file_creation_date": "0001-01-01T00:00:00Z", "file_modification_date": "0001-01-01T00:00:00Z", "file_size": 39214, "plain_text": "Malware Author Pleads Guilty for Role in Transnational\r\nCybercrime Organization Responsible for more than $568 Million\r\nin Losses\r\nPublished: 2020-07-31 · Archived: 2026-04-05 21:23:32 UTC\r\nAn author of malicious computer software and a member of the Infraud Organization pleaded guilty today to\r\nRICO conspiracy, announced Acting Assistant Attorney General Brian C. Rabbitt of the Justice Department’s\r\nCriminal Division. \r\nValerian Chiochiu, aka “Onassis,” “Flagler,” “Socrate,” and “Eclessiastes,” 30, pleaded guilty before U.S. District\r\nCourt Judge James C. Mahan in the District of Nevada.  Chiochiu is a national of the Republic of Moldova, but\r\nresided in the United States during the period of the conspiracy.  His plea came just over a month after the co-founder and administrator of Infraud, Sergey Medvedev of Russia, separately pleaded guilty on June 26. \r\nSentencing for Chiochiu has been scheduled for Dec. 11.\r\nInfraud was an Internet-based cybercriminal enterprise engaged in the large-scale acquisition, sale, and\r\ndissemination of stolen identities, compromised debit and credit cards, personally identifiable information,\r\nfinancial and banking information, computer malware, and other contraband.\r\n“Over the course of seven years, Infraud and its alleged conspirators created a sophisticated cybercriminal\r\nracketeering scheme that victimized individuals, merchants, and financial institutions to the tune of over half a\r\nbillion dollars in losses,” said Acting Assistant Attorney General Brian C. Rabbitt of the Justice Department’s\r\nCriminal Division.  “The Justice Department is committed to unmasking cyber criminals and their criminal\r\norganizations that use the internet for fraudulent schemes.”\r\n“HSI and our partners are at the forefront of combating financial crimes and illicit activities spread on the\r\nInternet,” said Special Agent in Charge Francisco Burrola for the U.S. Immigration and Customs Enforcement’s\r\nHomeland Security Investigations (HSI) Las Vegas Office.  “While criminal operators may continue to grow the\r\nreach of their criminal activity, ultimately they do not escape the reach of law enforcement. We continue to\r\ninvestigate, disrupt, and dismantle hidden illegal networks that pose a threat in cyberspace.”\r\nAccording to the indictment, the Infraud Organization was created in October 2010 by Medvedev and Svyatoslav\r\nBondarenko, aka “Obnon,” “Rector,” and “Helkern,” 34, of Ukraine, to promote and grow interest in the Infraud\r\nOrganization as the premier destination for “carding” —purchasing retail items with counterfeit or stolen credit\r\ncard information — on the Internet.  Under the slogan, “In Fraud We Trust,” the organization directed traffic and\r\npotential purchasers to the automated vending sites of its members, which served as online conduits to traffic in\r\nstolen means of identification, stolen financial and banking information, malware, and other illicit goods.  It also\r\nprovided an escrow service to facilitate illicit digital currency transactions among its members and employed\r\nscreening protocols that purported to ensure only high quality vendors of stolen cards, personally identifiable\r\ninformation, and other contraband were permitted to advertise to members.  In March 2017, there were 10,901\r\nregistered members of the Infraud Organization.\r\nhttps://www.justice.gov/opa/pr/malware-author-pleads-guilty-role-transnational-cybercrime-organization-responsible-more-568\r\nPage 1 of 2\n\nBondarenko currently remains a fugitive.  \r\nAccording to the indictment, Chiochiu provided guidance to other Infraud members on the development,\r\ndeployment, and use of malware as a means of harvesting stolen data.  As part of his plea agreement, Chiochiu\r\nadmitted to authoring a strain of malware known to the computer security community as “FastPOS”.\r\nDuring the course of its seven-year history, the Infraud Organization inflicted approximately $2.2 billion in\r\nintended losses, and more than $568 million in actual losses, on a wide swath of financial institutions, merchants,\r\nand private individuals, and would have continued to do so for the foreseeable future if left unchecked. \r\nThe investigation was conducted by the Las Vegas Office of U.S. Immigration and Customs Enforcement’s\r\nHomeland Security Investigations and the Henderson, Nevada Police Department.  The U.S. Attorney’s Office for\r\nthe Central District of California also provided assistance with Chiochiu’s case.  Deputy Chief Kelly Pearson and\r\nTrial Attorneys Chad W. McHenry and Alexander Gottfried of the Criminal Division’s Organized Crime and Gang\r\nSection are prosecuting the case.\r\nThe year 2020 marks the 150th anniversary of the Department of Justice.  Learn more about the history of our\r\nagency at www.Justice.gov/Celebrating150Years.\r\nSource: https://www.justice.gov/opa/pr/malware-author-pleads-guilty-role-transnational-cybercrime-organization-responsible-more-568\r\nhttps://www.justice.gov/opa/pr/malware-author-pleads-guilty-role-transnational-cybercrime-organization-responsible-more-568\r\nPage 2 of 2", "extraction_quality": 1, "language": "EN", "sources": [ "ETDA", "Malpedia" ], "references": [ "https://www.justice.gov/opa/pr/malware-author-pleads-guilty-role-transnational-cybercrime-organization-responsible-more-568" ], "report_names": [ "malware-author-pleads-guilty-role-transnational-cybercrime-organization-responsible-more-568" ], "threat_actors": [ { "id": "43cfcac9-ab2f-4f7d-ad3b-b2c09fb672b5", "created_at": "2022-10-25T16:07:24.499018Z", "updated_at": "2026-04-10T02:00:05.012584Z", "deleted_at": null, "main_name": "Infraud Organization", "aliases": [ "Operation Shadow Web" ], "source_name": "ETDA:Infraud Organization", "tools": [ "FastPOS" ], "source_id": "ETDA", "reports": null } ], "ts_created_at": 1775434330, "ts_updated_at": 1775792179, "ts_creation_date": 0, "ts_modification_date": 0, "files": { "pdf": "https://archive.orkl.eu/924c4eaedc95a3213a82044d8c46c2fa4c4e801d.pdf", "text": "https://archive.orkl.eu/924c4eaedc95a3213a82044d8c46c2fa4c4e801d.txt", "img": "https://archive.orkl.eu/924c4eaedc95a3213a82044d8c46c2fa4c4e801d.jpg" } }