Mario Kart / TA-551 multi-alias threat group
Threat Actor Meta
Summary
Hide ▲
Show ▼
Mario Kart / TA-551 now maps to a clearer multi-alias threat group, sharpening attribution around a botnet-enabled ransomware access ecosystem. The alias cluster matters because it unifies FBI and community naming for the same operator set. That clarity improves tracking of related delivery infrastructure and downstream extortion activity.
Related Happenings
LiteLLM PyPI credential-stealing malware compromise
Malware Activity
First: 25.03.2026 14:00
Last: 25.03.2026 14:00
Sources 1
About this happening:
The **LiteLLM** package on **PyPI** was compromised with **credential-stealing malware**, putting downstream environments at risk of secret theft and persistence. Malicious releas...
LiteLLM PyPI credential-stealing malware compromise
Malware ActivityAbout this happening: The **LiteLLM** package on **PyPI** was compromised with **credential-stealing malware**, putting downstream environments at risk of secret theft and persistence. Malicious releas...
Ilya Angelov sentencing in BitPaymer botnet case
Law Enforcement
First: 25.03.2026 10:47
Last: 25.03.2026 10:47
Sources 1
How related:
Russian cybercriminal Ilya Angelov, known online as ‘Milan’ and ‘Okart’, has been sentenced to two years in federal prison for his role in the administration of a botnet used to facilitate ransomware attacks, the DOJ announced on Tuesday.
About this happening:
**Ilya Angelov** was sentenced to **two years in prison** for managing a phishing botnet tied to **BitPaymer ransomware** attacks against **72 U.S. companies**. The sentence close...
Ilya Angelov sentencing in BitPaymer botnet case
Law EnforcementHow related: Russian cybercriminal Ilya Angelov, known online as ‘Milan’ and ‘Okart’, has been sentenced to two years in federal prison for his role in the administration of a botnet used to facilitate ransomware attacks, the DOJ announced on Tuesday.
About this happening: **Ilya Angelov** was sentenced to **two years in prison** for managing a phishing botnet tied to **BitPaymer ransomware** attacks against **72 U.S. companies**. The sentence close...
TA551 campaign expands across multiple victims
Campaign
First: 25.03.2026 10:47
Last: 25.03.2026 10:47
Sources 1
How related:
According to the DOJ, Angelov was part of a threat group tracked by the FBI as Mario Kart, and by the cybersecurity community as TA-551, Shathak, Gold Cabin, Monster Libra, G0127, and ATK236.
About this happening:
The **TA551 / Mario Kart** operation ran a **massive spam-email malware campaign** that spread infections worldwide and enabled later access sales to ransomware crews. At peak, it...
TA551 campaign expands across multiple victims
CampaignHow related: According to the DOJ, Angelov was part of a threat group tracked by the FBI as Mario Kart, and by the cybersecurity community as TA-551, Shathak, Gold Cabin, Monster Libra, G0127, and ATK236.
About this happening: The **TA551 / Mario Kart** operation ran a **massive spam-email malware campaign** that spread infections worldwide and enabled later access sales to ransomware crews. At peak, it...
Angelo Martino DOJ charge in BlackCat insider ransomware scheme
Law Enforcement
First: 12.03.2026 13:31
Last: 12.03.2026 13:31
Sources 1
About this happening:
**Ryan Goldberg** and **Kevin Martin** were sentenced to **four years in prison** for helping **BlackCat (ALPHV)** carry out ransomware attacks against **multiple U.S. organizatio...
Angelo Martino DOJ charge in BlackCat insider ransomware scheme
Law EnforcementAbout this happening: **Ryan Goldberg** and **Kevin Martin** were sentenced to **four years in prison** for helping **BlackCat (ALPHV)** carry out ransomware attacks against **multiple U.S. organizatio...
Latest development: 01.05.2026 14:30
Ryan Goldberg and Kevin Martin were each sentenced to four years in prison for helping BlackCat/ALPHV conduct ransomware attacks against multiple U.S. organizations. Court documents say they worked with Angelo Martino, shared ransom proceeds with BlackCat administrators, and in one case received a Bitcoin ransom worth $1.2m; prosecutors also said patient data was leaked in a healthcare-sector attack.
Diesel Vortex freight and logistics phishing campaign
Campaign
First: 25.02.2026 01:57
Last: 25.02.2026 01:57
Sources 1
About this happening:
The **Diesel Vortex** phishing campaign is stealing freight-sector credentials across the **U.S. and Europe**, raising the risk of account compromise, cargo fraud, and downstream...
Diesel Vortex freight and logistics phishing campaign
CampaignAbout this happening: The **Diesel Vortex** phishing campaign is stealing freight-sector credentials across the **U.S. and Europe**, raising the risk of account compromise, cargo fraud, and downstream...
Timeline
-
25.03.2026 16:30 2 articles · 2mo ago
Angelov sentencing reinforces Mario Kart / TA-551 alias mapping
Attribution UpdateRussian cybercriminal Ilya Angelov, known online as Milan and Okart, received a two-year federal prison sentence after prosecutors tied him to a botnet used to facilitate ransomware attacks and to the alias cluster tracked as Mario Kart, TA-551, Shathak, Gold Cabin, Monster Libra, G0127, and ATK236.
Show sources
- Russian Cybercriminal Gets 2-Year Prison Sentence in US — www.securityweek.com — 25.03.2026 16:30
- Russian Cybercriminal Gets 2-Year Prison Sentence in US — www.securityweek.com — 25.03.2026 16:30