Dmitry Fedotov, the Russian national who created the now-defunct Blackhole exploit kit, was sentenced this week by a Moscow court to seven years in prison.
Fedotov, known in the cybercrime world as “Paunch,” was one of the seven individuals convicted and sentenced for involvement in a criminal organization, according to the TASS news service. The other cybercriminals, including one who remains at large, were sentenced to between 5.5 and 8 years in prison for hacking into websites and computers.
The Blackhole exploit kit author was arrested in October 2013, when he was 27 years old. At the time of his arrest, authorities estimated that Paunch and his accomplices caused damage of 70 million rubles (roughly $2 million at the time).
The Blackhole exploit kit, which first emerged in 2010, was rented for $500 per month if run on the seller’s server and $700 if customers wanted to run it on their own server. Investigators believe the crimeware kit earned Fedotov $50,000 per month.
A few months before his arrest, Paunch teamed up with a fraudster known online as “J.P. Morgan” and announced that they had set aside $100,000 to acquire zero-day exploits, which they planned on including in an exclusive product called Cool exploit kit, priced at $10,000 per month. The budget for zero-days later doubled, and “J.P. Morgan” increased it to $450,000 after Fedotov’s arrest.
Use of Blackhole dropped significantly after Paunch’s arrest and the gap it left was soon filled by other exploit kits. Angler is currently the top choice for cybercriminals — its authors often integrate exploits for zero-days and recently patched vulnerabilities.
Related: Exploit Kits Mutate, Increase Activity
Related: Adobe Patches Flash Zero-Day Exploited by Magnitude EK

Eduard Kovacs (@EduardKovacs) is a contributing editor at SecurityWeek. He worked as a high school IT teacher for two years before starting a career in journalism as Softpedia’s security news reporter. Eduard holds a bachelor’s degree in industrial informatics and a master’s degree in computer techniques applied in electrical engineering.
More from Eduard Kovacs
- SecurityWeek Analysis: Over 450 Cybersecurity M&A Deals Announced in 2022
- VMware ESXi Servers Targeted in Ransomware Attack via Old Vulnerability
- High-Severity Privilege Escalation Vulnerability Patched in VMware Workstation
- GoAnywhere MFT Users Warned of Zero-Day Exploit
- UK Car Retailer Arnold Clark Hit by Ransomware
- EV Charging Management System Vulnerabilities Allow Disruption, Energy Theft
- Unpatched Econolite Traffic Controller Vulnerabilities Allow Remote Hacking
- Google Fi Data Breach Reportedly Led to SIM Swapping
Latest News
- New York Attorney General Fines Vendor for Illegally Promoting Spyware
- SecurityWeek Analysis: Over 450 Cybersecurity M&A Deals Announced in 2022
- 20 Million Users Impacted by Data Breach at Instant Checkmate, TruthFinder
- Cyber Insights 2023 | Zero Trust and Identity and Access Management
- Cyber Insights 2023 | The Coming of Web3
- European Police Arrest 42 After Cracking Covert App
- Florida Hospital Cancels Procedures, Diverts Patients Following Cyberattack
- VMware ESXi Servers Targeted in Ransomware Attack via Old Vulnerability
