Three GozNym Malware Operators Sentenced

Three members of the cybercriminal organization behind the infamous GozNym malware have been sentenced to prison.

GozNym emerged in early 2016 as a hybrid Trojan, a combination of the Nymaim dropper and the Gozi financial malware. The threat targeted North America and Europe, but was sinkholed in September 2016.

The GozNym cybercrime group was dismantled in May 2019 as part of an international law enforcement operation that involved the United States, Georgia, Ukraine, Moldova, Germany, Bulgaria, Europol and Eurojust.

Authorities in the United States sentenced Krasimir Nikolov, 47, of Varna, Bulgaria, to time served, after he had spent more than 39 months in prison. He was convicted of criminal conspiracy, computer fraud, and bank fraud for his role in the GozNym cybercrime network.

Nikolov was arrested in September 2016 in Bulgaria and extradited in December 2016. He served primarily as a “casher” or “account takeover specialist,” using stolen online banking credentials to access victims’ accounts and transfer funds to bank accounts controlled by fellow conspirators.

Nikolov was indicted in May 2019 in The Hague, Netherlands, along with 10 additional members of the GozNym criminal network.

The indictment also charged Alexander Konovolov, aka “NoNe” and “none_1,” of Tbilisi, Georgia, and Marat Kazandjian, aka “phant0m,” of Kazakhstan and Tbilisi, Georgia, as the primary organizer and leader of the GozNym network, and primary assistant and technical administrator, respectively.

Konovolov and Kazandjian were arrested and prosecuted in Georgia, where they were convicted and sentenced to 7 and 5 years in prison, respectively. Kazandjian will only serve one year in prison and will be on parole for 4 years.

“In announcing the prosecution of the GozNym international cybercrime syndicate with our law enforcement partners at Europol in May, I stated that borderless cybercrime necessitates a borderless response. This new paradigm involves unprecedented levels of cooperation with willing and trusted law enforcement partners around the world who share our goals of searching, arresting and prosecuting cyber criminals no matter where they might be,” United States Attorney Scott W. Brady commented.


Written By

Ionut Arghire is an international correspondent for SecurityWeek.
