Full Report
A Russian national was also indicted for running the platform. (Source: CyberScoop, "DOJ announces takedown of alleged laundering platform used by cybercriminal groups".)
Analysis Summary
# Threat Actor: Mykhalio Petrovich Chudnovets (Operator of E-Note Platform)
## Attribution & Identity
* **Identity:** Mykhalio Petrovich Chudnovets, a Russian national.
* **Associated Groups/Platform:** Creator and operator of the alleged money laundering platform named **E-Note** (also referred to as an online platform and cryptocurrency exchange/payment processing service).
* **Known Aliases:** None given in the source text; only the named individual is identified.
## Activity Summary
Chudnovets allegedly controlled and operated the E-Note platform, providing money-laundering services to various cybercriminals for years.
* **Duration:** Services began around 2010 as a personal operation and evolved into a scalable online platform, operating from approximately 2011 to 2025.
* **Recent Activity (as of indictment):** The E-Note service was actively used to move proceeds from ransomware and other cybercrime activities, involving money generated from US victims.
* **Scale of Illicit Funds:** The FBI identified over **$70 million** in illicit proceeds transferred via E-Note and its associated money-mule network since 2017.
## Tactics, Techniques & Procedures
The activity described is financial (money laundering) rather than intrusion or exploitation; the source details no technical attack techniques.
* **TTP 1 (Financial):** Functioned as an illegal cryptocurrency exchange and payment processing service.
* **TTP 2 (Money Laundering):** Utilized a network of "money mules" as part of the laundering mechanism, evolving from ad-hoc arrangements to a streamlined business model.
* **TTP 3 (Infrastructure Operation):** Maintained and operated dedicated online infrastructure, including servers, mobile applications, and specific websites for service provision.
* **MITRE ATT&CK IDs:** No specific TTPs or MITRE ATT&CK IDs were mentioned in the provided text.
## Targeting
* **Sectors:** Victims whose funds were laundered included organizations in **health care** and **critical infrastructure**.
* **Geography:** Funds involved were stolen or extorted from **U.S. victims**. The indicted national is believed to be in Russia.
* **Victims:** Unspecified U.S. organizations within the healthcare and critical infrastructure sectors.
## Tools & Infrastructure
* **Malware Families Used:** None attributed to **Chudnovets** himself. The platform is associated only with the *proceeds* of ransomware and other cybercrime; the source does not name the malware families behind those attacks.
* **Infrastructure:**
  * Platform Name: **E-Note**
  * Seized Websites/Domains: `e-note.com`, `e-note.ws`, and `jabb.mn` (defanged: hxxps://e-note.com, hxxps://e-note.ws, hxxps://jabb.mn)
  * Other assets seized: servers hosting the operation, mobile applications, customer databases, and transaction records.
## Implications
The takedown exposes a critical logistical piece of the cybercrime ecosystem—the financial off-ramp. By dismantling E-Note, authorities have disrupted a long-running, sophisticated mechanism used to convert ransomware and theft proceeds into usable funds, potentially enabling attribution across user networks via seized transaction logs. The longevity of the operation (2010–2025) indicates resilience and effective obfuscation until coordinated international action.
## Mitigations
* **Financial Hygiene/Compliance:** Increased scrutiny of cryptocurrency exchange and payment processing services regarding KYC/AML procedures, especially those serving international clients related to high-risk sectors.
* **Post-Seizure Analysis:** Investing in capabilities to analyze seized customer databases and transaction records from dismantled illicit financial platforms, in order to trace prior illicit flows and map the ransomware networks that used them.
* **International Cooperation:** Reliance on and support for international law enforcement actions (in this case, German and Finnish agencies) to dismantle transnational cybercriminal logistics.