Virtual Event Now Live: Zero Trust Strategies Summit! - Login for Access
Connect with us

Hi, what are you looking for?

SecurityWeekSecurityWeek

Cybercrime

US Announces Charges, Sanctions Against Russian Administrator of Carding Website

US offers up to $10 million for information on Timur Shakhmametov, charging him with running the carding website Joker’s Stash.

The US government on Thursday announced rewards of up to $10 million each for information leading to the arrest of two Russian nationals charged over their involvement in operating and laundering proceeds from carding websites.

An underground marketplace for stolen payment card data active since at least 2014, Joker’s Stash announced its shut down in January 2021, roughly one month after law enforcement seized its servers.

According to the indictment, Joker’s Stash offered for sale roughly 40 million payment cards annually, and is estimated to have generated between $280 million and over $1 billion in illegal profits.

The carding website, the indictment alleges, was operated, among others, by Russian national Timur Shakhmametov, also known as ‘JokerStash’ and ‘Vega’.

He was charged with bank fraud conspiracy, access device fraud conspiracy, and money laundering conspiracy related to his involvement in operating Joker’s Stash.

The US is offering up to $10 million for information on Shakhmametov, and separate rewards of up to $1 million for information on other leaders of the website.

According to the indictment, Russian national Sergey Ivanov, also known as ‘Taleon’, was involved in laundering proceeds from Joker’s Stash and Rescator, a carding website offering stolen payment card data from US organizations and the personal information of US citizens.

In 2013, the site advertised the data of 40 million payment cards and the personally identifiable information (PII) of 70 million people, stolen from a major retailer, the indictment alleges. The retailer was likely Target.

Advertisement. Scroll to continue reading.

Allegedly a cyber money launderer for roughly two decades, Ivanov created and/or operated payment and exchange services UAPS, PinPays, and PM2BTC, working with cybercrime marketplaces, ransomware groups, and hackers who breached major US organizations.

Between 2013 and 2024, transactions of over $1.15 billion in value were conducted through cryptocurrency addresses allegedly associated with Ivanov’s money laundering operations. Approximately 32% of the bitcoin sent to these addresses originated from cybercriminal activities, including fraud proceeds and proceeds from ransomware payments.

The US is offering a reward of up to $10 million for information on Ivanov, and separate rewards of up to $1 million for information on other key leaders of UAPS, PM2BTC, and PinPays. Additionally, the Treasury Department sanctioned Ivanov, while identifying PM2BTC as a “’primary money laundering concern’ in connection with Russian illicit finance”.

On Thursday, the US also announced the seizure of the domain names associated with cryptocurrency money laundering exchange Cryptex.net, which processed transactions of approximately $1.4 billion, most of which were associated with criminal activity or went to entities sanctioned by the US.

As part of the coordinated action, authorities in the Netherlands seized servers hosting PM2BTC and Cryptex, along with cryptocurrency worth over $7 million.

Related: US Targets Russian Election Influence Operation With Charges, Sanctions, Domain Seizures

Related: US Charges Three Eastern Europeans Over Ransomware and Malvertising, Leader Extradited

Related: The US is Preparing Criminal Charges in Iran Hack Targeting Trump, AP Sources Say

Related: US Announces Charges, Reward for Russian National Behind Wiper Attacks on Ukraine

Written By

Ionut Arghire is an international correspondent for SecurityWeek.

Trending

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

Join SecurityWeek and Hitachi Vantara for this this webinar to gain valuable insights and actionable steps to enhance your organization's data security and resilience.

Register

Event: ICS Cybersecurity Conference

The leading industrial cybersecurity conference for Operations, Control Systems and IT/OT Security professionals to connect on SCADA, DCS PLC and field controller cybersecurity.

Register

People on the Move

Former Darktrace CEO Poppy Gustafsson has joined the UK government as Minister for Investment.

Nupur Goyal has joined cloud identity security and management solutions provider Saviynt as VP of Product Marketing.

Threat intelligence firm Intel 471 has appointed Mark Huebeler as its COO and CFO.

More People On The Move

Expert Insights

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest cybersecurity news, threats, and expert insights. Unsubscribe at any time.