Cybercrime , Fraud Management & Cybercrime

Ukrainian Extradited to US Over Alleged Raccoon Stealer Ties

Mark Sokolovsky Has Fought Extradition From the Netherlands Since March 2022 Arrest
Ukrainian Extradited to US Over Alleged Raccoon Stealer Ties
Ukrainian national Mark Sokolovsky faces U.S. federal allegations related to his role in the Raccoon Stealer malware-as-a-service operation. (Image: Shutterstock)

A Dutch court extradited a Ukrainian national to the United States, where he faces criminal charges related to his role in the malware-as-a-service Raccoon info stealer.

See Also: The Healthcare CISO’s Guide to Medical IoT Security

The extradition of Mark Sokolovsky, 28, comes nearly two years after Netherlands police arrested him in March 2022 at the behest of U.S. authorities. Federal prosecutors accused Sokolovsky of setting up the technical infrastructure used to sell the info stealer and of contributing to improving its code. A grand jury indicted him for conspiracy to commit fraud, wire fraud, money laundering and one count of aggravated identity theft.

Raccoon, which first emerged in 2019, is one of about two dozen malware-as-a-service info stealers available online, generally for $200 to $300 a month. Others include Redline, Vidar and Agent Tesla. Their operators advertise on dark web forums and have grown their malware in sophistication to steal not just payment card data stored in browsers but cookie sessions and logon credentials, according to a 2023 presentation at an annual FIRST conference by an analyst with threat intelligence firm S2W. Advanced versions can grab data from browser plug-ins, such as second-factor authentication codes and VPN credentials.

Orange España, Spain's second-largest mobile provider, earlier this year suffered a connectivity outage that lasted several hours, after an attacker changed the company's internet routing settings. The attacker gained access to the settings by infecting an employee computer with Raccoon Stealer, cybersecurity firm HudsonRock said.

Sokolovsky's arrest was timed with an international law enforcement operation that dismantled the infrastructure supporting Raccoon at the time (see: US Indicts Ukrainian for Role in Raccoon Malware Scheme).

FBI agents identified more than 50 million unique credentials and forms of identification, such as bank accounts and cryptocurrency addresses, that had been siphoned by Raccoon users. The future of Raccoon Stealer became uncertain following Sokolovsky's arrest, but his co-conspirators made a comeback last year with an updated version of the malware.

Version 2.3.0 of the malware introduced new functionality, such as improved search of stolen data sets, automatic bot blocking and evasion of IP addresses used by security practitioners to monitor Raccoon traffic, Cyberint found.

Raccoon is written in C++, meaning it can compromise all three major operating systems: Windows, MacOS and Linux, researchers at Quorum Cyber said.

Notable Raccoon victims last year included eight Indian government entities, including the central paramilitary forces and the tax agency, reported the Indian Express.

Sokolovsky made a court appearance on Feb. 9 and is being held in custody pending trial.


About the Author

Mihir Bagwe

Mihir Bagwe

Principal Correspondent, Global News Desk, ISMG

Bagwe previously worked at CISO magazine, reporting the latest cybersecurity news and trends and interviewing cybersecurity subject matter experts.




Around the Network

Our website uses cookies. Cookies enable us to provide the best experience possible and help us understand how visitors use our website. By browsing bankinfosecurity.com, you agree to our use of cookies.