Krasimir Nikolov, a 44-year-old from Bulgaria, is one of the individuals arrested in the international Avalanche bust in December. The U.S. Attorney’s Office for the Western District of Pennsylvania filed an indictment that charged Nikolov with unauthorized access to a computer to obtain financial information, four counts of bank fraud, and conspiracy. On December 22, Nikolov pleaded not guilty to all the above federal charges.
On November 30, law enforcement agencies across the globe raided suspects in the ongoing Avalanche case. The DoJ, FBI, Luneburg Police, Europol, and various international partners are credited with the takedown. Police raided 30 countries and searched 37 locations. They seized 39 Avalanche servers and ordered hosting providers to remove another 221 servers. Police only captured five members, including Nikolov.
The U.S. Attorney’s indictment claimed Nikolov used Avalanche servers to deploy GozNym on several computers in the United States. The indictment explained how the defendant installed the malware on the victim’s computer to “obtain financial information.” He used malware to access the company’s bank credentials. Two businesses in California and two in Pennsylvania. He then attempted to transfer hundreds of thousands of dollars to bank accounts in Bulgaria.
The companies listed in the indictment are as follows:
- Protech Asphalt Maintenance, INC
- Nord-Lock, INC
- Foresight Sports, INC
- California Furniture Collections (doing business as Artifacts International).
The indictment listed details of the financial weight of the suspect’s crimes. Nikolov tried to send $378,500 from Nord-Lock’s PNC Bank account to an offshore bank he owned. Nord-Lock noticed and notified PNC Bank in time to prevent any damage from occurring. He tried the exact same scheme with Protech’s bank accounts. He made several attempts to transfer $243,000 from Protech to one of his Bulgarian accounts, but the bank prevented the transfer from going through. He unsuccessfully tried moving $118,000 from Foresight Sports in in May. And during the same time frame, aimed to move $738,000 from California Furniture Collections.
To all related charges, Nikolov pleaded not guilty—through a translator. He speaks very little English, according to some sources. Additionally, he opted out of a detention hearing; thus, he will stay in jail until his next court appearance. After the arraignment hearing, the defense attorney Stephen Begler said that it was “too early to determine what course we’re going to take.” Referring to the government, he said “I’m hoping they have the right guy for their sake. They went all the way to Bulgaria to get him.”
The Avalanche takedown, Michèle Coninsx, President of Eurojust said, completely neutralized the Avalanche network. Even though law enforcement only arrested five members, the five played an integral role in the operation’s structure. “We have captured the top, the head of the snake,” Fernando Ruiz, the head of operations at Europol’s Cybercrime Center, said. “We are sure that this will have a very huge impact.” So, if foreign governments accurately assessed the suspects they captured, Nikolov may have been one of the most prominent operatives. If the above is true, then the US sending agents to Bulgaria to arrest him is not out of the ordinary.
Nikolov faces 100 years in prison and a possible fine of up to $3,500,000.