

Money Mule Leader Pleads Guilty for Part in Global Fraud Scheme Powered by Zeus

On Friday, the last of 27 defendants arrested in connection with a global cybercrime operation that compromised dozens of accounts and used false identities to open hundreds of bank accounts pled guilty and now faces up to 45 years in prison.

Nikolay Garifulin, 22, of Volgograd, Russia, pled guilty last Friday in Manhattan federal court to conspiracy to commit bank fraud and possess false identification documents for his role in the scheme that made use of the popular Zeus malware and a network of “money mules” to steal over $3 million from dozens of U.S. accounts that were compromised by malware attacks.

According to the U.S. Attorney’s Office, the cyber-attacks originated in Eastern Europe and utilized the Zeus Trojan to record victims’ keystrokes, arming the cyber-thieves with the information needed to take over the victims’ bank accounts and make unauthorized transfers to accounts controlled by the co-conspirators.

These receiving accounts were set up by a network of money mules responsible for retrieving the stolen funds and transferring the money overseas. To carry out the scheme, the money mule organization recruited individuals who had entered the United States on student visas, providing them with fake foreign passports, and instructing them to open false-name accounts at U.S. banks.

Acting as a leader in the money mule network, Garifulin collected funds that had been withdrawn by money mules from the fraudulent accounts in the United States and transferred the funds to Eastern Europe as requested by the organization’s leader. Garifulin also arranged for fake passports to be transferred to mules in the United States from Eastern Europe.

Idan Aharoni, Head of Cyber Intelligence for the FraudAction Intelligence team at RSA, and a SecurityWeek contributor, says it’s impossible to talk about the world of fraud without mentioning mules. “When it comes to infrastructure, mules are just as important – if not more important – than having a botnet or a phishing attack set up,” Aharoni writes. “Being such a pivotal part of the fraud process, it’s no surprise that fraudsters go to great lengths to recruit and control mules. If in the past mule recruitment was done mostly in the real world – where potential mule candidates were preyed on due to poverty in most cases – today, fraudsters employ much more sophisticated methods for mule recruitment. Not only do these methods void the need for the fraudster to be physically present in the country, but they also increase the bandwidth of the mule recruitment. In cases where these methods were problematic to implement, the recruiters improved the existing methods and added a new layer of sophistication.”

In connection with the global cybercrime ring, charges were filed against 37 defendants back in September 2010. Including Garifulin, 27 defendants pled guilty, and two defendants have entered into deferred prosecution agreements. Eight defendants are fugitives and are wanted in the United States and abroad.

Two other leaders of the mule organization also pled guilty and have been sentenced, including Kasum Adigyuzelov and Dorin Codreanu. Adigyuzelov was sentenced in May 2011 to 48 months in prison and Codreanu was sentenced in July 2011 to 20 months in prison.

Garifulin will be sentenced on January 13, 2012.

Related Column: Stopping The Next Money Mule: How Banks Can Identify Mule Accounts as They are Opened

Related Column: Inside the Mule Network
