The fact that the secrecy over the indictment was being abandoned was stated in a court document on 7 July.
"The United States of America, by and through undersigned counsel, respectfully requests that the court issue an order directing the Clerk of the Court to unseal the docket and pleadings in the above-captioned matter," it said.
Group-IB named the man, known by his handle FXMSP, as Andrey Turchin of Kazakhstan, an individual against whom the US had issued an sealed indictment on 12 December 2018, charging him with various counts of "Computer Fraud and Abuse, Wire Fraud, Conspiracy to commit those offences, and Access Device Fraud, relating to his involvement in a sophisticated computer hacking scheme targeting victims in the United States and elsewhere", according to a court document.
Yesterday, the US DoJ unsealed an indictment charging Andrey Turchin aka #Fxmsp with computer crimes. The prime of the cybercriminal's 'career' was in detail described in Group-IB report issued last month: https://t.co/GGdxQBKvwv— Group-IB (@GroupIB_GIB) July 8, 2020
The court document said: "In June 2020, a foreign-based private cyber security firm published a comprehensive report: 'FXMSP: The Invisible God of Networks'. In addition to tracking FXMSP’s evolution and his group’s exploits and list of victims, this report publicly identified FXMSP as Andrey Turchin, of Kazakhstan, and provided a detailed explanation of the researchers’ attribution determination.
"Since its publication, various news outlets in the United States and abroad, citing the report, have published articles about FXMSP and his identification as Turchin."
It added: "Turchin remains a fugitive, and the United States continues to work with foreign authorities and to pursue his apprehension to face charges in the United States. Given the unique circumstances of this matter, which include, among other things, Turchin’s knowledge of the criminal charges in the United States and his public identification as the prolific hacker FXMSP, the government concludes that competing interests to the contrary outweigh its interest in maintaining this matter under seal."
The FXMSP case serves as a lesson learned for vendors. A detailed report published by a security vendor has seemingly forced LE to unseal a criminal indictment, publicize a case and likely introduced new challenges for their investigationhttps://t.co/w5WmhIwruP [03/05]— Intel 471 (@Intel471Inc) July 8, 2020
Cyber crime intelligence provider Intel471, which co-operates with the FBI, commented: "The FXMSP case serves as a lesson learned for vendors. A detailed report published by a security vendor has seemingly forced LE (law enforcement) to unseal a criminal indictment, publicise a case and likely introduced new challenges for their investigation."
Another Russian firm, Kaspersky, fell foul of the US Government due to its frequent reports identifying attacks by the NSA and other Western spy units and, in at least one case, forcing an American agency to withdraw a tool from public use after it was named in a Kaspersky report.
In 2014, Kaspersky's researchers exposed an attack by Britain's GCHQ on a Belgian telecommunications provider. The following year, Kaspersky revealed the doings of an entity it called the Equation Group; this group has been, for years, known to be an arm of the NSA.
Kaspersky also detailed how the Stuxnet operation was carried out to cripple Iran's nuclear program. Stuxnet was discovered by Sergey Ulasen in 2010; he joined Kaspersky Lab a year later. The virus was infiltrated into Iran's nuclear labs through an USB drive as the lab was not connected to any external network.
In 2014, Israeli Government hackers breached the Kaspersky network; after the company found out in 2015, it wrote a detailed analysis of the incident.
While Kaspersky did what was legitimate as these attacks were being carried out by publicly available malware that could also affect ordinary people using Windows computers, the Americans were unhappy about it and launched a campaign that finally ended Kasperksy's contracts with the public sector.
As iTWire reported, FXMSP has been operating since 2017 in a number of well-known Russian- and English-speaking underground communities, and had been known to breach networks using externally available remote desktop protocol servers and exposed active directory servers.