Summary: A Russian citizen, Georgy Kavzharadze, has been sentenced to 40 months in prison for selling stolen financial information on the criminal marketplace Slilpp. He was found guilty of listing over 620,000 stolen login credentials, leading to significant financial risks for victims across multiple states in the U.S.
Threat Actor: Georgy Kavzharadze | Georgy Kavzharadze
Victim: Various individuals and financial institutions | various individuals and financial institutions
Key Point :
- Kavzharadze sold nearly 300,000 stolen login credentials on Slilpp, earning $1.2 million from illegal transactions.
- Slilpp operated for nine years, selling over 80 million login credentials from more than 1,400 companies before being taken down by law enforcement.
- The seized database contained extensive information about vendors, customers, and transactions, highlighting the scale of the operation.
The U.S. has sentenced a Russian citizen to 40 months in prison for selling financial information and login credentials on a criminal internet marketplace called Slilpp.
Georgy Kavzharadze, 27, who went by online monikers such as “TeRorPP,” “Torqovec,” and “PlutuSS,” was extradited to the U.S. in 2022 and pleaded guilty in February of this year. He was ordered to return $1.2 million earned through illegal transactions, the U.S. Department of Justice said in a statement on Wednesday.
According to court documents, between 2016 and 2021, Kavzharadze listed over 620,000 stolen login credentials for sale on Slilpp and sold almost 300,000 of them. Buyers could use this information to potentially steal money from victims’ online payment and bank accounts.
The credentials included access to accounts with banks located in New York, California, Nevada, and Georgia. Kavzharadze accepted bitcoin as payment.
Law enforcement seized the servers and domains of Slilpp in 2021. Before it was taken down, Slilpp operated across multiple domains on the public internet and the dark web. Authorities said that in its nine-year history, Slilpp sold more than 80 million login credentials from over 1,400 companies.
The seized Slilpp database contained a wealth of historical information about Slilpp vendors, customers, and transactions, including subscriber and payment information for individual accounts used to buy and sell login credentials on the platform.
Recorded Future
Intelligence Cloud.
Source: https://therecord.media/slilpp-marketplace-stolen-credentials-cybercriminal-sentencing