Estonian National charged with helping Russia acquire U.S. hacking tools and electronics

Andrey Shevlyakov, an Estonian national, was charged in the US with conspiracy and other charges related to acquiring U.S.-made electronics on behalf of the Russian government and military.

The Estonian man is accused of having helped the Russian government and military to purchase US-made electronics and hacking tools.

The defendant was arrested in Estonia on March 28, 2023, he used several Estonian-based business entities (the “Estonian Shell Companies”) to buy goods that would have been unavailable to Russian end-users. 

“As alleged in the indictment and other court filings, Shevlyakov procured sensitive electronics from U.S. manufacturers on behalf of Russian end-users, including defense contractors and other Russian government agencies.  Most of these items would have been unavailable to Russian end-users if ordered directly for shipment to Russia.” reads a press release published by DoJ. “Shevlyakov also attempted to acquire computer hacking tools.”

Shevlyakov purchased multiple items, including low-noise pre-scalers and synthesizers (used to conduct high-frequency communications) and analog-to-digital converters, which are components used in defense systems such as electronic warfare systems and missiles.

In 2012, the US government added Shevlyakov to Entity List, a ban list for procuring and delivering export-restricted items to Russia. The man circumvented the ban using false names and a network of front companies. In order to deliver the purchased goods, the man ran an intricate logistics operation involving frequent smuggling trips across the Russian border by himself and others. 

In May 2020, Shevlyakov used one of his front companies to buy a licensed copy of the penetration testing platform Metasploit Pro.

“A license to use Metasploit Pro costs approximately $15,000.  In the email, the individual asked Shevlyakov’s front company to acquire Metasploit and detailed a history of prior failed attempts to acquire the software through third parties in countries outside Russia.” continues the press release. “The individual added that the software was “dual use” and that accordingly, “sales to Russia are virtually impossible.”  Thus, the individual said, “we cannot reveal the end user, nor can we identify ourselves.”  On or about June 1, 2020, the front company email address wrote back, listing prices for different versions of Metasploit Pro.” 

The Estonian man exported at least $800,000 worth of items from U.S. electronics manufacturers and distributors between approximately October 2012 and January 2022.

“For years, Mr. Shevlyakov’s elaborate web of deceit allowed him to allegedly procure sensitive American-made electronics on behalf of the Russian military,” said FBI Houston Special Agent in Charge James Smith. “His illegal acquisitions of sophisticated U.S. technology endangered citizens in both Ukraine and the United States. FBI Houston will continue to work with our valued international partners, especially the Estonian Internal Security Service (KAPO), to investigate and disrupt actors who illicitly support the unprovoked invasion of Ukraine by Russian armed forces.”

“As these actions have proven, BIS will continue to hunt down and bring to justice those who harm our national security and illicitly supply the Russian regime,” said Special Agent in Charge McClish.       

If convicted, the defendant faces a maximum of 20 years’ imprisonment.

Please vote for Security Affairs (https://securityaffairs.com/) as the best European Cybersecurity Blogger Awards 2022 – VOTE FOR YOUR WINNERS
Vote for me in the sections:

• The Teacher – Most Educational Blog
• The Entertainer – Most Entertaining Blog
• The Tech Whizz – Best Technical Blog
• Best Social Media Account to Follow (@securityaffairs)

Please nominate Security Affairs as your favorite blog.

Nominate here: https://docs.google.com/forms/d/e/1FAIpQLSfaFMkrMlrLhOBsRPKdv56Y4HgC88Bcji4V7OCxCm_OmyPoLw/viewform

Follow me on Twitter: @securityaffairs and Facebook and Mastodon

Pierluigi Paganini

(SecurityAffairs – hacking, Estonian National)