CyberScoop
cyberscoop.com
Written by Matt Kapko
November 7, 2025
Aleksei Olegovich Volkov served as an initial access broker and was involved in attacks on seven U.S. businesses from July 2021 through November 2022.
A 25-year-old Russian national pleaded guilty to multiple charges stemming from their participation in ransomware attacks and faces a maximum penalty of up to 53 years in prison.
Aleksei Olegovich Volkov, also known as “chubaka.kor,” served as the initial access broker for the Yanluowang ransomware group while living in Russia from July 2021 through November 2022, according to court records. Prosecutors accuse Volkov and unnamed co-conspirators of attacking seven U.S. businesses during that period, including two that paid a combined $1.5 million in ransoms.
The victims, which included an engineering firm and a bank, said executives received harassing phone calls and their networks were hit with distributed denial of service attacks after their data was stolen and encrypted by Yanluowang ransomware operators.
Cisco wasn’t named in the court filings for Volkov’s case, but the enterprise networking and security vendor said it was impacted by an attack attributed to Yanluowang ransomware in May 2022. Cisco linked the attack to an initial access broker who had ties to UNC2447, Lapsus$ and Yanluowang ransomware operators.
Volkov identified targets, exploited vulnerabilities in their systems, and shared access with co-conspirators for a flat fee or percentage of the ransom paid by the victim, according to prosecutors.
Some of Volkov’s alleged victims were unable to function normally without access to their data and had to temporarily shut down operations in the wake of the attacks. Prosecutors said the total amount demanded in ransoms from all seven victims was $24 million.
The FBI said it traced cryptocurrency transactions related to the payments to accounts reportedly owned by Volkov and a co-conspirator, “CC-1,” who was residing in Indianapolis at the time.
Blockchain analysis allowed the FBI to confirm Volkov’s identity and uncover multiple accounts they used to communicate with co-conspirators about ransomware attacks, payments and splitting illicit proceeds from their criminal activities, according to court records.
Volkov, who is also identified as Aleskey Olegovich Volkov in the unsealed indictment, was arrested Jan. 18, 2024, in Rome, where they were living at the time. Volkov was later extradited to the United States and remains in custody in Indiana.
Volkov previously filed an intention to plead guilty in April in the U.S. District Court for the Eastern District of Pennsylvania and agreed to have their case transferred to the U.S. District Court for the Southern District of Indiana.
Volkov pleaded guilty to six charges Oct. 29, including unlawful transfer of a means of identification, trafficking in access information, access device fraud, aggravated identity theft, conspiracy to commit computer fraud and conspiracy to commit money laundering. Court Watch was the first to report on Volkov’s guilty plea.
The plea agreement, which was filed Monday, did not include an agreed-upon sentence, but Volkov is required to pay a combined restitution of nearly $9.2 million to the seven victims. Volkov’s attorney did not respond to a request for comment.
therecord.media
A U.S. District Court judge sentenced an Arizona woman to eight and a half years in prison for running a laptop farm used by North Korea’s government to perpetrate its IT worker scheme.
Christina Chapman pleaded guilty in February to wire fraud, money laundering and identity theft after the FBI discovered she was an instrumental cog in a wider campaign to get North Koreans hired in six-figure IT roles at prominent companies.
Prosecutors said Chapman helped the North Korean IT workers obtain jobs at 309 companies, including a major television network, a car maker, a media company, a Silicon Valley technology company and more. Members of the same group unsuccessfully tried to get employed at two different U.S. government agencies.
After North Korean officials obtained employment using fake identities, work laptops were sent to a home owned by Chapman, where she enabled the workers to connect remotely to the U.S. companies’ IT networks on a daily basis.
The FBI seized more than 90 laptops from Chapman’s home during an October 2023 raid. In addition to hosting the laptops and installing software that allowed the North Koreans to access them remotely, she also shipped 49 laptops to locations overseas, including multiple shipments to a Chinese city on the North Korean border.
In total, Chapman’s operation helped generate $17 million for the North Korean government. Security companies and law enforcement have not said how many laptop farms they estimate are scattered across North America and Europe, but the DOJ called Chapman’s case “one of the largest North Korean IT worker fraud schemes charged by the Department of Justice.”
Her part of the operation involved 68 stolen identities and she reported millions in income to the IRS under the names of the people who had their identity stolen.
She forged payroll checks with the fake identities and typically managed the wages received from U.S. companies through direct deposit. She would then transfer the earnings to people overseas.
District Court Judge Randolph Moss ordered the 50-year-old Chapman to serve a 102-month prison term and three years of supervised release. She will have to forfeit nearly $300,000 that she planned to send to North Korea before her arrest and will pay a fine of more than $175,000.
Chapman was arrested last May as part of a wider takedown of North Korea’s scheme to have hundreds of their citizens hired at unwitting U.S. companies in IT positions.
Chapman was initially charged alongside a 27-year-old Ukrainian, Oleksandr Didenko, for helping at least three workers who operated under the aliases Jiho Han, Chunji Jin and Haoran Xu. The three were hired as software and applications developers with companies in a range of sectors and industries.
U.S. State Department officials said the three North Koreans assisted by Chapman and Didenko “are linked to the DPRK’s Munitions Industry Department, which oversees the development of the DPRK’s ballistic missiles, weapons production, and research and development programs.”
Didenko was arrested in Poland last year and the U.S. is seeking his extradition.
A 20-year-old man believed to be a member of the cybercrime ring known as Scattered Spider has pleaded guilty to charges brought against him in Florida and California.
Noah Urban of Palm Coast, Florida, was arrested in January 2024 and charges against him were unsealed by US authorities in November 2024, when four others believed to be members of Scattered Spider were named.
Two foreign nationals pleaded guilty today to participating in the LockBit ransomware group—at various times the most prolific ransomware variant in the world—and to deploying LockBit attacks against victims in the United States and worldwide.