Romanian national Mihai Ionut Paunescu was sentenced to three years in prison for running PowerHost[.]ro, a bulletproof service that enabled cybercriminals to distribute various banking and information-stealing malware families, including the Gozi (Ursnif), Zeus, and SpyEye trojans, as well as the BlackEnergy malware.
BlackEnergy is a Russia-linked piece of malware previously observed in campaigns targeting government organizations and power grids in Ukraine.
BlackEnergy was created by researcher Dmytro Oleksiuk (aka Cr4sh) in 2007 as a DDoS trojan. By the end of 2007, cybersecurity firm Arbor Networks had identified about 30 botnets built using BlackEnergy. In 2009, Oleksiuk tried to distance himself from his creation and wrote in his blog that the source code of his tool was publicly accessible and anyone could use it.
The second version of the malware, first spotted in 2010, implemented capabilities beyond DDoS. The third version of BlackEnergy, released in 2014, was equipped with a variety of plug-ins.
Paunescu offered servers and IP addresses rented from legitimate providers to cybercriminals, who could use them as infrastructure for conducting distributed denial-of-service attacks or disseminating spam emails. Paunescu also monitored IPs to determine if they were marked as suspicious or untrustworthy, and relocated his customers’ data to different networks and IP addresses when blocked by private security firms or law enforcement agencies.
Paunescu was initially arrested in Romania in December 2012 and released on bail. He was arrested again in Colombia in 2021, extradited to the United States last year, and pled guilty in February 2023.
In addition to his prison sentence, Paunescu was ordered to forfeit $3,510,000 and pay restitution in the amount of $18,945.