Cyber Threat Actor: Denis Zayev
| Actor Type | Location | Known Incidents |
Criminal
|
Russia
|
1 incident |
|---|
Profile
Denis Zayev,also known by the alias Denis Zayev, is a Russian hacker who was apprehended by the Russian Federal Security Service in early 2018. He resides in Russia and was arrested in Stavropol after developing and deploying malicious software designed to defraud customers at electronic gas stations. Zayev’s activities came to light after authorities linked him to a scheme that manipulated fuel pump systems to overcharge patrons and divert fuel to concealed tanks.
The actor’s typical targets were electronic gas station infrastructure, specifically pump controllers and cash register systems located across Southern Russia, including the Stavropol Territory, Adygea, Krasnodar Territory, Kalmykia, and several North Caucasus republics. His strategic objective was financial gain, achieved by installing malware that added a 3‑7 % surcharge per gallon dispensed while simultaneously redirecting that same volume of fuel into hidden storage tanks operated with the complicity of station personnel. The malicious software ran on both pump hardware and cash registers, enabling falsified receipts that concealed the theft and allowed operators to resell the diverted fuel as legitimate sales. Zayev reportedly sold the malware to station operators, retained a partnership in the fraudulent enterprise, and received a share of the illicit proceeds.
Attribution to Denis Zayev is established through his arrest by Russian authorities and the detailed description of his role in creating and distributing the fraudulent software; no state sponsorship or broader criminal consortium is explicitly cited in the available sources. The most significant publicly reported operation linked to him is the 2018 malware campaign that compromised dozens of gas stations throughout Southern Russia, resulting in systematic overcharging and fuel diversion before his capture. This campaign exemplifies the actor’s focus on financially motivated attacks against retail fuel infrastructure using custom pump‑and‑register malware.
