Security Experts:

Connect with us

Hi, what are you looking for?



Three GozNym Malware Operators Sentenced

Three members of the cybercriminal organization behind the infamous GozNym malware have been sentenced to prison.

Three members of the cybercriminal organization behind the infamous GozNym malware have been sentenced to prison.

GozNym emerged in early 2016 as a hybrid Trojan, being a combination between the Nymaim dropper and the Gozi financial malware. The threat targeted North America and Europe, but was sinkholed in September 2016.

The GozNym cybercrime group was dismantled in May 2019 as part of an international law enforcement operation that involved the United States, Georgia, Ukraine, Moldova, Germany, Bulgaria, Europol and Eurojust.

Authorities in the United States sentenced Krasimir Nikolov, 47, of Varna, Bulgaria, to time served after having served more than 39 months in prison. He was convicted for criminal conspiracy, computer fraud, and bank fraud for his role in the GozNym cybercrime network.

Nikolov was arrested in September 2016 in Bulgaria and extradited in December 2016. He served primarily as a “casher” or “account takeover specialist,” using stolen online banking credentials to access victims’ accounts and transfer funds to bank accounts controlled by fellow conspirators.

Nikolov was indicted in May 2019 in The Hague, Netherlands, along with 10 additional members of the GozNym criminal network.

The indictment also charged Alexander Konovolov, aka “NoNe” and “none_1,” of Tbilisi, Georgia, and Marat Kazandjian, aka “phant0m,” of Kazakhstan and Tbilisi, Georgia, as the primary organizer and leader of the GozNym network, and primary assistant and technical administrator, respectively.

Konovolov and Kazandjian were arrested and prosecuted in Georgia and were convicted to 7 and 5 years in prison, respectively. Kazandjian will only serve one year in prison and will be on parole for 4 years.

“In announcing the prosecution of the GozNym international cybercrime syndicate with our law enforcement partners at Europol in May, I stated that borderless cybercrime necessitates a borderless response. This new paradigm involves unprecedented levels of cooperation with willing and trusted law enforcement partners around the world who share our goals of searching, arresting and prosecuting cyber criminals no matter where they might be,” United States Attorney Scott W. Brady commented.

Related: Authorities Takedown GozNym Cybercrime Group That Stole an Estimated $100 Million

Related: Cisco Cracks GozNym Trojan DGA, Sinkholes Botnet

Written By

Ionut Arghire is an international correspondent for SecurityWeek.

Click to comment

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

Expert Insights

Related Content


Zendesk is informing customers about a data breach that started with an SMS phishing campaign targeting the company’s employees.


The release of OpenAI’s ChatGPT in late 2022 has demonstrated the potential of AI for both good and bad.


The FBI dismantled the network of the prolific Hive ransomware gang and seized infrastructure in Los Angeles that was used for the operation.


A new study by McAfee and the Center for Strategic and International Studies (CSIS) named a staggering figure as the true annual cost of...


A recently disclosed vBulletin vulnerability, which had a zero-day status for roughly two days last week, was exploited in a hacker attack targeting the...


CISA, NSA, and MS-ISAC issued an alert on the malicious use of RMM software to steal money from bank accounts.

Application Security

PayPal is alerting roughly 35,000 individuals that their accounts have been targeted in a credential stuffing campaign.


Video games developer Riot Games says source code was stolen from its development environment in a ransomware attack