MOSCOW, RUSSIA – Alexei Stroganov, the notorious Russian cybercriminal known by aliases ‘Flint’ and ‘Flint24’, has been convicted and sentenced to up to 15 years in prison by a Russian military court on Monday, March 30, 2026. The verdict marks a significant development in the global fight against organized cybercrime, though Stroganov remains wanted by US authorities for related charges.
The Charges: Unmasking a Cybercrime Empire
Alexei Stroganov, also known as “Aleksei Stroganov,” “Gursky Oleg,” “Oleg Gurskiy,” and “Строганов Алексей Тимофеевич,” faced charges in Russia for leading a sophisticated cybercrime group involved in the illegal trafficking of payment card data. The Russian military court also imposed fines totaling up to $57,000. He had pleaded not guilty to the charges.
In the United States, Stroganov is wanted on an unsealed indictment from January 2024, charging him with one count of conspiracy to commit wire fraud affecting a financial institution, three counts of wire fraud, three counts of bank fraud, and three counts of aggravated identity theft. These charges stem from allegations of a criminal conspiracy spanning from at least May 2007 to July 2017.
Scale of the Crime: A Global Web of Deceit
Stroganov’s cybercrime group, dubbed “Flint24,” orchestrated a massive payment card fraud scheme that resulted in financial losses exceeding $35 million for various financial institutions. The operation involved extensive computer intrusions to steal debit and credit card numbers, along with associated personal identifying information. His network is alleged to have harvested data from hundreds of millions of credit card and banking accounts, distributing this stolen information through approximately 90 online stores operated by the group members.
The stolen data, often referred to as “dumps” and including CVV and CVC codes, facilitated fraudulent online payments and withdrawals from bank accounts across Russia, other post-Soviet countries, the European Union, and the United States. Major US retailers such as Neiman Marcus and Michaels were among the high-profile targets. Stroganov is also believed to have moved hundreds of millions of dollars through the BTC-e cryptocurrency exchange, which was seized by US authorities in 2017.
Who Is Alexei Stroganov? The Cybercriminal’s Double Life
Alexei Stroganov is a Russian national with a career steeped in cybercrime, reportedly active in underground forums since 2001. His criminal journey includes a prior conviction in 2006 by a Moscow court for participating in a carding group, for which he was sentenced to six years but released after two. Astoundingly, after his release, he reportedly worked as a cybersecurity consultant, ostensibly helping banks and payment systems defend against hacking attacks. However, this profession served as a cover for his continued and escalating criminal enterprises.
Investigation Details: Unraveling the ‘Flint24’ Network
The Russian Federal Security Service (FSB) spearheaded the investigation in Russia, uncovering the fraud through a sophisticated carding operation. Investigators conducted an undercover purchase via a website operated by Stroganov’s group, successfully obtaining stolen card details, including crucial CVV and CVC codes. This led to coordinated raids in March 2020 at 60 locations across 11 Russian regions, resulting in the detention of most suspects.
In the United States, the U.S. Secret Service launched its own investigation, leading to the charges against Stroganov and his alleged associate, Tim Stigal. The prosecution is being handled by the U.S. Attorney’s Office for the District of New Jersey and the U.S. Department of Justice Criminal Division’s Computer Crime and Intellectual Property Section (CCIPS). During the Russian searches, approximately $432,000 in cash was seized, underscoring the lucrative nature of the operation.
“Stroganov’s case highlights the persistent challenge of international cybercrime, where borders often complicate justice. His ability to operate for years, even after a prior conviction, points to systemic vulnerabilities in monitoring and rehabilitation within the cybercriminal underworld.”
What Happens Next: A Tale of Two Jurisdictions
With his sentencing in Russia, Alexei Stroganov faces a lengthy imprisonment. However, the legal saga is far from over. He remains a wanted man in the United States, where a conviction could lead to a combined sentence of up to 52 years for wire fraud, bank fraud, and aggravated identity theft. Yet, Russia rarely extradites its citizens to the U.S., creating a jurisdictional impasse that frequently complicates the pursuit of justice in transnational cybercrime cases. The US charges, unsealed in early 2024, indicate an ongoing desire to bring him to justice on American soil.
Protecting Yourself: Vigilance in a Digital World
The Stroganov case serves as a stark reminder of the pervasive threat of payment card fraud. One significant red flag was Stroganov’s prior conviction in 2006; his subsequent alleged work as a cybersecurity consultant while continuing his criminal activities highlights the audacity of such perpetrators. Cybersecurity experts also suggest that Russian authorities often tolerate cyberattacks aimed at foreign targets, but Stroganov’s group may have crossed a ‘golden rule’ by victimizing Russian citizens and banks, ultimately triggering the FSB’s intervention. Consumers and financial institutions alike must remain hyper-vigilant. Regularly review bank and credit card statements for suspicious activity, utilize strong, unique passwords, and enable multi-factor authentication whenever possible. Companies should invest in robust cybersecurity infrastructure and employee training to defend against sophisticated intrusion attempts. For more information on preventing financial crime, visit related fraud investigations on The Financial Standard.




