Former Russian Federal Security Service (FSB) officer Grigory Tsaregorodtsev was sentenced to nine years in prison in a penal colony. The decision was made after Perm Garrison Military Court found Tsaregorodtsev guilty of accepting 1.7 million USD bribe from a cybercrime syndicate in exchange for turning a blind eye to their illicit activities.  The Grigory Tsaregorodtsev corruption scandal began to unfold in 2022 when Russian authorities apprehended six individuals associated with a notorious cybercrime group operating in the city of Perm in Russia. This group had orchestrated a sophisticated scheme, hacking into thousands of e-commerce websites and pilfering sensitive payment card data. Their activities facilitated the sale of millions of stolen card details on underground platforms like Trump’s Dumps, among others.

Former FSB Officer Grigory Tsaregorodtsev Sentenced For Taking Bribes

At the bottom of this scandal is the once-respected figure within the FSB's counterintelligence division based in the city of Perm. His role came under scrutiny when it was revealed that he had accepted substantial bribes from the hacker groups. These bribes, totaling a staggering 160 million rubles, were exchanged for his protection and influence, allowing the hackers to operate without fear of authorities., reported Krebs on Security. However, Tsaregorodtsev's downfall was inevitable as he was detained and subsequently brought to trial. Throughout the proceedings, the court uncovered a web of deceit and corruption woven by the former FSB officer. Despite his attempts to downplay his involvement, the evidence against him proved damning.  Tsaregorodtsev's defense argued that he had merely engaged in fraudulent activities, rather than outright bribery, as he failed to deliver on the promises made to the cybercriminals.

The Trial of Former FSB Officer Grigory Tsaregorodtsev

The trial of Grigory Tsaregorodtsev shed light on the extent of the operation and the things acquired by the ex-FBS officer with the bribes, including lavish properties, luxury vehicles, and a substantial cache of cash and gold bars.  According to Russian newspaper Коммерсантъ, the outcome of the court session revealed that Tsaregorodtsev had abused his position of authority for personal enrichment, betraying the trust placed in him by the Russian state and its citizens. Ultimately, the court handed down a harsh sentence, condemning Tsaregorodtsev to nine years in a maximum-security facility and imposing a hefty fine of 320 million rubles. Furthermore, he was stripped of his military rank and barred from holding certain positions upon his released.

The court also stated that "he must pay the state an amount equal to the size of the bribe: minus the value of the valuables and money seized during the investigation, it amounts to slightly more than 138 million rubles", added the newspaper.

The repercussions of Tsaregorodtsev's actions extended beyond his own fate, casting doubt over the integrity of the Russian security apparatus. Questions were raised about the extent of corruption within the FSB and the measures needed to root out such malfeasance. Media Disclaimer: This report is based on internal and external research obtained through various means. The information provided is for reference purposes only, and users bear full responsibility for their reliance on it. The Cyber Express assumes no liability for the accuracy or consequences of using this information.

The head of counterintelligence for a division of the Russian Federal Security Service (FSB) was sentenced last week to nine years in a penal colony for accepting a USD $1.7 million bribe to ignore the activities of a prolific Russian cybercrime group that hacked thousands of e-commerce websites. The protection scheme was exposed in 2022 when Russian authorities arrested six members of the group, which sold millions of stolen payment cards at flashy online shops like Trump’s Dumps.

As reported by The Record, a Russian court last week sentenced former FSB officer Grigory Tsaregorodtsev for taking a $1.7 million bribe from a cybercriminal group that was seeking a “roof,” a well-placed, corrupt law enforcement official who could be counted on to both disregard their illegal hacking activities and run interference with authorities in the event of their arrest.

Tsaregorodtsev was head of the counterintelligence department for a division of the FSB based in Perm, Russia. In February 2022, Russian authorities arrested six men in the Perm region accused of selling stolen payment card data. They also seized multiple carding shops run by the gang, including Ferum Shop, Sky-Fraud, and Trump’s Dumps, a popular fraud store that invoked the 45th president’s likeness and promised to “make credit card fraud great again.”

All of the domains seized in that raid were registered by an IT consulting company in Perm called Get-net LLC, which was owned in part by Artem Zaitsev — one of the six men arrested. Zaitsev reportedly was a well-known programmer whose company supplied services and leasing to the local FSB field office.

Russian news sites report that Internal Affairs officials with the FSB grew suspicious when Tsaregorodtsev became a little too interested in the case following the hacking group’s arrests. The former FSB agent had reportedly assured the hackers he could have their case transferred and that they would soon be free.

But when that promised freedom didn’t materialize, four the of the defendants pulled the walls down on the scheme and brought down their own roof. The FSB arrested Tsaregorodtsev, and seized $154,000 in cash, 100 gold bars, real estate and expensive cars.

At Tsaregorodtsev’s trial, his lawyers argued that their client wasn’t guilty of bribery per se, but that he did admit to fraud because he was ultimately unable to fully perform the services for which he’d been hired.

The Russian news outlet Kommersant reports that all four of those who cooperated were released with probation or correctional labor. Zaitsev received a sentence of 3.5 years in prison, and defendant Alexander Kovalev got four years.

In 2017, KrebsOnSecurity profiled Trump’s Dumps, and found the contact address listed on the site was tied to an email address used to register more than a dozen domains that were made to look like legitimate Javascript calls many e-commerce sites routinely make to process transactions — such as “js-link[dot]su,” “js-stat[dot]su,” and “js-mod[dot]su.”

Searching on those malicious domains revealed a 2016 report from RiskIQ, which shows the domains featured prominently in a series of hacking campaigns against e-commerce websites. According to RiskIQ, the attacks targeted online stores running outdated and unpatched versions of shopping cart software from Magento, Powerfront and OpenCart.

Those shopping cart flaws allowed the crooks to install “web skimmers,” malicious Javascript used to steal credit card details and other information from payment forms on the checkout pages of vulnerable e-commerce sites. The stolen customer payment card details were then sold on sites like Trump’s Dumps and Sky-Fraud.