27 July 2021

Estonian botnet operator who channeled traffic for other cybercriminals pleads guilty in US court



An Estonian national has pleaded guilty to two counts of computer fraud and abuse for his role in creating and operating a proxy botnet that was used by other cybercrime groups to transmit malicious traffic.

According to the US Department of Justice, the defendant, Pavel Tsurkan, 33, operated a proxy botnet known as “Russian2015” composed of more than 1,000 hacked computers and routers. Tsurkan modified the operation of each compromised device so it could be used as a proxy to transmit third-party internet traffic without the owners’ knowledge or consent, the DoJ said. He then sold access to other cybercriminals, who used the botnet to channel their traffic.

Victims “experienced significant data overages even when there were no home computers connected to the victims’ home networks. The data overages resulted in hundreds to thousands of dollars per victim,” the DoJ said.

Pavel Tsurkan is scheduled to be sentenced on November 10, 2021, and faces a maximum penalty of 10 years in prison. In June 2021 he pleaded guilty to aiding and abetting the unauthorized access to a protected computer. According to prosecutors, Tsurkan, together with Oleg Koshkin, a Russian national who lived in Estonia, operated an online encryption service known as Crypt4U, which helped hide malware infections from antivirus software.

Tsurkan is currently released on bond pending sentencing in the Crypt4U case scheduled for September 27, 2021. He faces up to nine years in prison if found guilty.

