{
	"id": "2fb10f0b-baa9-443d-9995-9fc205701129",
	"created_at": "2026-04-06T00:12:02.596235Z",
	"updated_at": "2026-04-10T13:12:27.773745Z",
	"deleted_at": null,
	"sha1_hash": "ae74a35b49f41d2c3f19095fb62853cd0a9f8c7e",
	"title": "Raccoon Stealer malware operator gets 5 years in prison after guilty plea",
	"llm_title": "",
	"authors": "",
	"file_creation_date": "0001-01-01T00:00:00Z",
	"file_modification_date": "0001-01-01T00:00:00Z",
	"file_size": 549228,
	"plain_text": "Raccoon Stealer malware operator gets 5 years in prison after\r\nguilty plea\r\nBy Sergiu Gatlan\r\nPublished: 2024-12-18 · Archived: 2026-04-05 14:37:12 UTC\r\nUkrainian national Mark Sokolovsky was sentenced today to five years in prison for his involvement in the\r\nRaccoon Stealer malware cybercrime operation.\r\nAccording to unsealed court documents, Sokolovsky (also known as raccoon-stealer, Photix, and\r\nblack21jack77777) and his conspirators rented the malware to other threat actors under a MaaS (malware-as-a-service) model for $75 per week or $200 monthly.\r\nAfter infecting a device, Raccoon Stealer collects and steals a wide range of data, including credentials,\r\ncryptocurrency wallets, credit card data, email data, and other sensitive information from dozens of applications.\r\nIn March 2022, police arrested Sokolovsky in the Netherlands. The FBI also took the malware offline by\r\ndismantling its infrastructure in a joint action with law enforcement authorities in the Netherlands and Italy.\r\nThe Raccoon Stealer cybercrime gang also suspended operations around the time of Sokolovsky's arrest, saying\r\nthat one of their lead developers had been killed during Russia's invasion of Ukraine. Since then, the malware\r\noperation has been revived several times, with newer versions adding more data theft capabilities.\r\nhttps://www.bleepingcomputer.com/news/security/raccoon-stealer-malware-operator-gets-5-years-in-prison-after-guilty-plea/amp/\r\nPage 1 of 3\n\nSokolovsky was extradited to the United States in February 2024 after being indicted for fraud, money laundering,\r\nand aggravated identity theft in October 2022. One year later, he pleaded guilty and agreed to pay at least\r\n$910,844.61 in restitution.\r\n\"Mark Sokolovsky was a key player in an international criminal conspiracy that victimized countless individuals\r\nby administering malware which made it cheaper and easier for even amateurs to commit complex cybercrimes,\"\r\nsaid U.S. Attorney Jaime Esparza today.\r\n\"Sokolovsky's infostealer was responsible for compromising more than 52 million user credentials, which were\r\nthen used in furtherance of fraud, identity theft, and ransomware attacks on millions of victims worldwide,\" FBI\r\nSpecial Agent in Charge Aaron Tapp added.\r\nAfter dismantling Raccoon Stealer's infrastructure in March 2022, the FBI also created a website to help victims\r\ncheck whether their information was included in the stolen data using this malware.\r\nIf your data has been compromised, you will receive an email containing additional information and resources at\r\nthe address provided when searching the FBI's Raccoon Infostealer Disclosure portal.\r\nAutomated Pentesting Covers Only 1 of 6 Surfaces.\r\nhttps://www.bleepingcomputer.com/news/security/raccoon-stealer-malware-operator-gets-5-years-in-prison-after-guilty-plea/amp/\r\nPage 2 of 3\n\nAutomated pentesting proves the path exists. BAS proves whether your controls stop it. Most teams run one\r\nwithout the other.\r\nThis whitepaper maps six validation surfaces, shows where coverage ends, and provides practitioners with three\r\ndiagnostic questions for any tool evaluation.\r\nSource: https://www.bleepingcomputer.com/news/security/raccoon-stealer-malware-operator-gets-5-years-in-prison-after-guilty-plea/amp/\r\nhttps://www.bleepingcomputer.com/news/security/raccoon-stealer-malware-operator-gets-5-years-in-prison-after-guilty-plea/amp/\r\nPage 3 of 3",
	"extraction_quality": 1,
	"language": "EN",
	"sources": [
		"Malpedia"
	],
	"origins": [
		"web"
	],
	"references": [
		"https://www.bleepingcomputer.com/news/security/raccoon-stealer-malware-operator-gets-5-years-in-prison-after-guilty-plea/amp/"
	],
	"report_names": [
		"amp"
	],
	"threat_actors": [
		{
			"id": "d90307b6-14a9-4d0b-9156-89e453d6eb13",
			"created_at": "2022-10-25T16:07:23.773944Z",
			"updated_at": "2026-04-10T02:00:04.746188Z",
			"deleted_at": null,
			"main_name": "Lead",
			"aliases": [
				"Casper",
				"TG-3279"
			],
			"source_name": "ETDA:Lead",
			"tools": [
				"Agentemis",
				"BleDoor",
				"Cobalt Strike",
				"CobaltStrike",
				"RbDoor",
				"RibDoor",
				"Winnti",
				"cobeacon"
			],
			"source_id": "ETDA",
			"reports": null
		}
	],
	"ts_created_at": 1775434322,
	"ts_updated_at": 1775826747,
	"ts_creation_date": 0,
	"ts_modification_date": 0,
	"files": {
		"pdf": "https://archive.orkl.eu/ae74a35b49f41d2c3f19095fb62853cd0a9f8c7e.pdf",
		"text": "https://archive.orkl.eu/ae74a35b49f41d2c3f19095fb62853cd0a9f8c7e.txt",
		"img": "https://archive.orkl.eu/ae74a35b49f41d2c3f19095fb62853cd0a9f8c7e.jpg"
	}
}