A Russian national has been indicted by the US DOJ and added to the FBI’s Cyber Most Wanted list for allegedly creating and managing a cybercrime marketplace.
Igor Dekhtyarchuk, a resident of Russia, was indicted in the Eastern District of Texas for running the cybercrime marketplace that sold credit cards, access to compromised devices or accounts, and personal information.
The indictment claims that Dekhtyarchuk launched the marketplace in May 2017 and began promoting it on Russian hacking forums starting in April 2018.
“Dekhtyarchuk began advertising the sale of compromised account data in Russian-language hacker forums in April 2018 and opened Marketplace A in May 2018. Dekhtyarchuk immediately began advertising Marketplace A and the products it sold in May 2018,” reads the DOJ indictment.
“As of May 2021, Dekhtyarchuk, through Marketplace A, publicly advertised that he has sold over 48,000 compromised email accounts, 25,000 compromised Company B accounts, and 19,000 compromised Company A accounts.”
When buyers purchased device access from the marketplace, they were allegedly contacted on Telegram by Dekhtyarchuk or one of his associates and sent either login credentials or a login cookie that allows access to the purchased device or account.
Dekhtyarchuk has since been added to the FBI’s Cyber Most Wanted List on charges of Wire Fraud, Access Device Fraud, and Aggravated Identity Theft.
While the indictment did not reveal what cybercrime marketplace was created by Dekhtyarchuk, it did mention that he operated under the alias ‘Floraby.’
Using KELA’s cybersecurity intelligence service DARKBEAST, BleepingComputer was able to find a person named ‘Floraby’ promoting the BAYACC marketplace, which sold compromised credentials.
While the site appears to be down, you can see from archived snapshots that BAYACC sold accounts for various companies, including eBay, Amazon, SamsClub, and PayPal, with the prices advertised in Russian Rubles.
Advanced Intel CEO Vitali Kremez also confirmed to BleepingComputer that the person behind ‘Floraby’ was a supplier of bruteforced accounts that were then sold on their BAYACC marketplace.
“The person leveraged compromised data from various e-commerce websites to bruteforce major retailer store accounts and offer them to various carders and fraudsters online,” Kremez told BleepingComputer.
“His shop ‘BAYACC’ largely competed with the account shop giants such as SlilPP for the criminal market share, offering daily updates of free compromised accounts.”
While the BAYACC Telegram still appears to be active, the site is no longer accessible.
One of the ways that law enforcement has been tackling the growing ransomware epidemic is to target the infrastructure and access providers that attackers use to gain access to corporate networks.
In June 2021, an international law enforcement operation took down Slilpp, the largest online marketplace of stolen login credentials.
Later that month, law enforcement seized the servers, data, and customer logs for DoubleVPN, a double-encryption service commonly used by ransomware gangs and other threat actors.