The US Federal Prosecutor's Office filed a request with the US District Court for the Eastern District of Michigan, recommending that Russian citizen Ilya Angelov, the founder of the Mario Kart hacking group, be sentenced to five years and one month in prison.
According to the sentencing memorandum, he is accused of cyber fraud that resulted in losses of $14 million for 72 American companies. In October 2023, the defendant pleaded guilty and agreed to reimburse the victims.
From 2017 to 2021, Angelov ran a group based in Russia and designated by the FBI as “Mario Kart”. The case file also lists other names for this organization: TA-551, Shathak, GOLD CABIN, Monster Libra, ATK236 and G0127. According to the US prosecutor, Mario Kart was a “well-organized business” built around selling access to infected devices. The prosecutor's office believes that Angelov and his accomplices created a network of compromised computers by massively distributing spam with malicious files.
The hackers subsequently monetized their criminal activity by selling access to computers to other groups engaged in ransomware extortion. The US prosecutor's office notes that they blocked victims' access to their computer networks and demanded ransom for their restoration.
Such cybercriminal groups, according to the prosecutor's office, functioned like businesses: they had salaries, management and a division of labor. Within this ecosystem, some members distributed malicious files and formed a botnet, others used it for hacking attacks, and still others downloaded and laundered the proceeds.
The Mario Kart group, according to the memo, “was an important link in the chain that led to the payment of millions of dollars in ransoms by American companies”. Through massive spam campaigns with up to 700,000 emails per day, the malware spread around the world, with the number of new infections reaching 3,000 computers per day at its peak. Infected devices became part of the botnet and were used as entry points for further attacks.
According to prosecutors, the group's main source of income came from selling access to this infrastructure to other cybercriminals, who then deployed ransomware and demanded ransom from victims. American prosecutors insist that Angelov was a key negotiator in the criminal deals.