Group-IB’s report says fxmsp and his group sold network access to hotel chains, banks and other financial firms, making at least $1.5 million from their operation. As a result of their activities, their victims reportedly lost tens of millions of dollars to malware and network damage. They’ve been inactive since last year after fxmsp made headlines for advertising access to data from popular cybersecurity firms McAfee, Trend Micro and Symantec. However, at least one cybersecurity firm believes they’re still operating under different names.

Turchin has been charged with conspiracy to commit computer hacking, two counts of computer fraud and abuse, conspiracy to commit wire fraud and access device fraud. Law enforcement officials say he’s likely aware of the charges and that extradition to the US is unlikely, because Kazakhstan does not extradite nationals.