Latvian Hacker Extradited to the U.S. for Involvement in Karakurt Cybercrime Group

A 33-year-old Latvian man residing in Moscow has been charged in the U.S. for his involvement in data theft, extortion, and laundering ransom payments since August 2021.

Deniss Zolotarjovs, also known as Sforza_cesarini, faces charges of conspiracy to commit money laundering, wire fraud, and Hobbs Act extortion. He was arrested in Georgia in December 2023 and has been extradited to the U.S. this month.

According to the U.S. Department of Justice (DoJ), “Zolotarjovs is associated with a notorious cybercriminal organization targeting computer systems globally.” This group is known for stealing data from victims and demanding ransom in cryptocurrency, with a website listing stolen data for download.

Zolotarjovs is believed to have played an active role in the group, communicating with other members and handling the laundering of ransom payments. Although the DoJ did not name the cybercrime syndicate, a complaint filed in the U.S. District Court on November 28, 2023, links Zolotarjovs to the Karakurt group, a splinter faction that emerged after the crackdown on the Conti group in 2022.

The Federal Bureau of Investigation (FBI) noted that Zolotarjovs, using the alias “Sforza_cesarini,” was involved in negotiating extortion cases, conducting research to identify contact information for victims, and recruiting journalists to publish articles about victims to pressure them into paying.

The FBI connected Zolotarjovs to the alias through Bitcoin transfers traced to a cryptocurrency wallet associated with an Apple iCloud account. Further analysis showed that the IP addresses used by the “Sforza_cesarini” Rocket.Chat account matched those used to access the iCloud account linked to Zolotarjovs.

Zolotarjovs is the first alleged Karakurt member to be arrested and extradited to the U.S., potentially leading to the identification and prosecution of other group members.

The U.S. government has reported that Karakurt members have harassed victims’ employees, business partners, and clients via email and phone, using stolen data to pressure victims into compliance.
