Russian Cybercriminal “Aels” Evades U.S. Extradition, Resurfaces in Russia with Renewed Activity

Andrei Vladimirovich Tarasov, a 33-year-old Russian national and notorious cybercrime figure known online as “Aels,” has resurfaced in Russia after evading extradition to the United States. Despite being on the U.S. Secret Service’s Most Wanted list, Tarasov is reportedly active again in the cybercrime underground.

Tarasov was released from Berlin’s Moabit Prison on January 5, 2024, after being detained for six months. He was arrested in Germany in July 2023 on charges filed by U.S. authorities, but the Berlin Superior Court of Justice ruled that the U.S. case lacked sufficient evidence, leading to his release.

After his release, Tarasov used the BlaBlaCar ride-sharing app to travel undetected through Poland and into Russia’s Kaliningrad territory before flying to Moscow. As Russia does not extradite its citizens, Tarasov is now out of reach of U.S. law enforcement.

Tarasov was indicted by a grand jury in New Jersey in June 2023 alongside co-defendants Maksim Silnikau and Volodymyr Kadariya. They face charges of conspiracy to commit wire fraud, computer fraud and abuse, and multiple counts of wire fraud. The trio allegedly operated a decade-long cybercriminal scheme from 2013 to 2022 using “malvertisements” to spread malware via the Angler exploit kit.

The Angler exploit kit, once responsible for 40% of all exploit attacks globally, delivered malicious software to millions of computers by exploiting vulnerabilities in programs like Adobe Flash and Microsoft Silverlight. Tarasov is credited with developing advanced traffic distribution systems that selectively targeted victims, making detection difficult.

Remarkably, Tarasov has maintained a presence on cybercrime forums under aliases such as “Aels” and “Lavander.” On Telegram, he participates in spam-related channels and on GitHub, he continues to update projects like “MadCat Mailer,” a tool for mass emailing and spamming. Just this month, on May 3, 2025, he posted about plans to hack Zimbra servers at scale.

According to forum posts and leaked communications, Tarasov claims he was once approached by FBI agents who sought his cooperation in tracking high-profile cybercriminals, including a hacker with a $10 million bounty. He reportedly provided information about a threat actor known as “stern,” motivated by personal loss linked to Russia’s invasion of Ukraine.

Tarasov, who has openly expressed anti-Russian sentiments in online forums, now seems to regret his brief cooperation with U.S. authorities. In a recent message on the XSS cybercrime forum, he wrote: “My mistake was an attempt to make friendship with both sides. It will be a good idea to leave EU and disappear after first meeting [with law enforcement].”

Despite his fugitive status, Tarasov displays a link to the U.S. Secret Service Most Wanted page on his Instagram profile — a symbolic badge of defiance.

As global authorities continue to track his movements, Tarasov’s return to Russia marks a troubling development in the fight against international cybercrime. His renewed activity highlights the persistent challenge of prosecuting cybercriminals who operate across borders and exploit legal loopholes.