CyberHappenings logo
Home Browse Watchlists Experimental About

Track cybersecurity events as they unfold. Sourced timelines. Filter, sort, and browse. Fast, privacy‑respecting. No invasive ads, no tracking.

Mario Kart botnet operator sentenced for facilitating ransomware attacks via phishing campaigns

First reported
Last updated
1 unique sources, 1 articles

Summary

Hide ▲

A Russian national was sentenced to two years in prison for managing the Mario Kart botnet, a phishing infrastructure used to distribute malware that enabled BitPaymer ransomware attacks against 72 U.S. companies. The operator, identified as Ilya Angelov, recruited affiliates, oversaw malware development and distribution, and sold access to infected systems to RaaS affiliates. The botnet operated at scale, infecting up to 3,000 computers daily through spam campaigns that peaked at 700,000 emails per day between 2017 and 2021. The operation generated over $14 million in extortion payments from identified U.S. victims alone, with additional payments linked to botnet access sold to other cybercriminal groups, including the IcedID gang and TrickBot affiliates.

Timeline

  1. 25.03.2026 10:47 1 articles · 1h ago

    Mario Kart botnet operator sentenced for facilitating BitPaymer ransomware attacks

    Ilya Angelov sentenced to two years in prison for managing the Mario Kart phishing botnet used to distribute malware that enabled BitPaymer ransomware attacks against 72 U.S. companies. The botnet operated at scale from 2017 to 2021, infecting up to 3,000 systems daily via spam campaigns reaching 700,000 emails per day, and sold access to RaaS affiliates and other cybercriminal groups. Confirmed financial impact includes over $14 million in extortion payments from identified U.S. victims and $1 million in payments from the IcedID gang for botnet access.

    Show sources
    Open in new tab

Information Snippets

  • Ilya Angelov (handles: milan, okart) was sentenced to two years in prison after pleading guilty to managing the Mario Kart phishing botnet used in BitPaymer ransomware attacks.

    First reported: 25.03.2026 10:47
    1 source, 1 article
    Show sources

  • The Mario Kart botnet infected approximately 3,000 devices per day at its peak, distributing malware via spam campaigns that sent up to 700,000 emails daily.

    First reported: 25.03.2026 10:47
    1 source, 1 article
    Show sources

  • The botnet was operational between 2017 and 2021, with ransomware attacks attributed to BitPaymer occurring between August 2018 and December 2019 against 72 U.S. companies.

    First reported: 25.03.2026 10:47
    1 source, 1 article
    Show sources

  • The operation generated over $14 million in extortion payments from identified U.S. victims and an additional $1 million in payments from the IcedID gang for botnet access between late 2019 and August 2021.

    First reported: 25.03.2026 10:47
    1 source, 1 article
    Show sources

  • Angelov was a co-leader of the cybercriminal group alongside other operators, overseeing recruitment, malware development, spam tooling, and evasion techniques.

    First reported: 25.03.2026 10:47
    1 source, 1 article
    Show sources

  • The gang collaborated with other cybercrime groups, including TrickBot (Wizard Spider) for Conti ransomware campaigns and was linked to Lockean ransomware operations via Qbot/QakBot infections.

    First reported: 25.03.2026 10:47
    1 source, 1 article
    Show sources