NLBrute Malware Developer Pleads Guilty

~1 min read | Published on 2023-09-19, tagged ExtraditedPleaded-GuiltyRussia using 230 words.

The Russian man accused of creating, using, and selling NLBrute, a brute-forcing tool, has pleaded guilty.

Dariy Pankov

According to court documents, from at least June 2016 to January 2019, 28-year-old Dariy Pankov also known as "dpxaker" used NLBrute, a brute-forcing tool to acquire the login credentials of thousands of computers worldwide. He also sold NLBrute to other cybercriminals and allowed his accomplices to sell it on his behalf for a fee.
Pankov sold the tens of thousands of login credentials he acquired from the use of NLBrute through an undisclosed dark web marketplace.
An undercover agent reportedly purchased the login credentials of a Florida law firm from Pankov via the marketplace for $50 in January 2018. A few months later, in June, the undercover agent purchased the credentials of yet another Florida law firm from Pankov for $19.
Pankov listed the credentials of more than 35,000 compromised computers for sale on the market. He made more than $350,000 from the sale of the stolen credentials via the market.
Pankov was arrested in Georgia on October 4, 2022, and extradited to the United States. He was charged in a seven-count indictment filed in April 2019.
He pleaded guilty to conspiracy to commit access device fraud and computer fraud on September 14, 2023. As part of the plea agreement, Pankov agreed to forfeit $358,437. He faces a maximum penalty of five years in federal prison.

Comments (12)

us gov rat2023-09-20

his sentence is so low because he will now have a good job when he gets out

hhhh 2023-09-26

hello iwont tthis


I am not a hacker but isn't that some operating systems like Kali among others already have Bruteforce tools? So what is the difference in Pankov's case besides selling credentials and accessing computers?


The difference is that he was selling the passwords he obtained from the tool. Using the tools can be legal, it can be like how it works with money.


Building or having the tools is not illegal (at least on paper). Selling info gathered from the tools or selling the tools with the intent to do harm is illegal. Correct me if I'm wrong.


sucks when it doesn't say how he got caught. did he use his real name and credit card? mystery


probably got caught using chainalysis when trying to money launder


this is seriously stupid sentence honestly. he should have never left russia tho


A lot of Russians, and especially a lot of Russians working in IT, left Russia in 2022 to avoid mobilization. Armenia, Georgia and Turkey were the prime destinations.


He got greedy. He should of chilled and invest some of the money to be legit.


Agent opted to target their purchase specifically around a couple of FL law firms, I'm sure that was totally random


good luck to him...