Hacker offered employee $1M in Bitcoin to plant malware

By Benson Toti

Kriuchkov attempted to solicit an employee to initiate an insider attack on a company network

Egor Igorevich Kriuchkov allegedly attempted to pay an employee at an undisclosed Nevada company $1 million in Bitcoin to install malware on his employer’s computer. However, the employee chose to report Kriuchkov to the FBI instead.

Court documents unsealed yesterday revealed that the US Department of Justice charged Kriuchkov with conspiracy to damage a protected computer system. The 27-year-old had traveled from Russia to the US to try to recruit the employee, who is known only as CHS1 in the complaint, and informed CHS1 that he was part of a larger syndicate.

Once the FBI were informed of his intentions, they tracked Kriuchkov’s movements over the course of three weeks. They also eavesdropped on all his communications and collected evidence against him before they arrested him in Los Angeles on Saturday, August 22.

The complaint, which was filed in the US District Court in Reno on August 23, illustrates how Kriuchkov presented his proposition to the employee in detail.

In July, Kriuchkov reached out to CHS1 through WhatsApp to set up a meeting in Nevada, having met him through a mutual acquaintance; 12 days later Kriuchkov entered the US. He met with CHS1 multiple times throughout the month of August, paying for dinners and other entertainment.

Kriuchkov had revealed to the employee that after the malware was set up, it would give his colleagues in Russia access to data in the company’s network. His gang would then threaten to sell the data on darknet markets unless the company paid a ransom.

While the complaint did not reveal the name of the company, nor the amount that would have been proposed as ransom, it was assumed that the ransom would be paid in Bitcoin.

Kriuchkov also explained that his fellow teammates would launch a DDoS attack on the company’s servers so that the security team would be preoccupied while they looted their database.

On the second and third of August, Kriuchkov, CHS1, and CHS1’s friends went to Zion National Park and Lake Tahoe. Kriuchkov paid for everyone’s expenses while making sure that he stayed out of any photo ops.

On the night of August 3, Kriuchkov disclosed the full details of his plan to CHS1. He revealed that he worked for a group that pays employees to plant malware on their employer’s servers. While Kriuchkov initially offered him $500,000 in bitcoin for installing the malware, he later offered $1 million after the malware transmitted.

According to the complaint, Kriuchkov said that “the bitcoin transfer would happen in a few days and he should not take action until the employee received the bitcoin transfer”.

On August 21, Kriuchkov informed the employee that his plans had been delayed and that he was heading out of the country. Local authorities caught up with him the following day, before he managed to exit.