A Russian military court sentenced 26 members of the cybercrime group Flint24 to prison terms of up to 15 years, including the network’s alleged leader Alexei Stroganov — a notorious hacker also wanted by U.S. authorities for large-scale payment card fraud.

The defendants were convicted of forming an organized criminal group and illegally trafficking payment card data, the court’s press service reportedly said Saturday. The court also imposed fines of up to $57,000.

Stroganov, known by the alias “Flint,” received one of the longest sentences, and another member, reserve warrant officer I. N. Voroshilov — previously attached to a unit of Russia’s Southern Military District — was also handed a prison term.

According to the court, Stroganov and his accomplices ran a sophisticated carding operation for years, acquiring and selling stolen payment card data used to withdraw funds from bank accounts outside Russia.

Investigators said the group operated a website that sold so-called “dumps” — data used to encode information onto the magnetic stripes of payment cards. During an undercover purchase conducted by Russia’s Federal Security Service (FSB), investigators obtained stolen card details along with CVV and CVC codes, enabling fraudulent online payments.

Authorities said the network operated between 2014 and March 2020, stealing payment card data belonging to victims in Russia, other post-Soviet countries, the European Union and the United States. The stolen information was distributed through roughly 90 online stores set up by members of the group.

Law enforcement detained most of the suspects in March 2020 during coordinated raids at 60 locations across 11 Russian regions. During searches, investigators seized about $432,000 in cash.

The case has been under consideration since February 2025and was heard by a military court because one of the defendants was serving in the armed forces when the investigation began.

Stroganov was previously convicted of cybercrime in 2006, when a Moscow court sentenced him to six years in prison for participating in a carding group led by Ukrainian national Artur Lyashenko that produced thousands of counterfeit payment cards used around the world, including the U.S.and Europe.

After serving that sentence, Stroganov reportedly worked as a cybersecurity consultant helping banks and payment systems defend against hacking attacks, according to the Russian newspaper Kommersant. He pleaded not guilty in the latest case. 

Separately, Stroganov was placed on a wanted list by the U.S. Secret Service in early 2024 when U.S. prosecutors charged him with wire fraud, bank fraud and aggravated identity theft.

According to American investigators, Stroganov was part of a cybercrime conspiracy that, from at least 2007 to 2017, hacked corporate and personal computer networks to steal credit card numbers and other sensitive financial information.

Prosecutors alleged the operation harvested data linked to hundreds of millions of payment cards and bank accounts. Stroganov allegedly oversaw a network of resellers who distributed the stolen data on dark web forums, generating losses exceeding $35 million for financial institutions.

Russia rarely extradites its citizens to the U.S.

In a separate case last week, Russian authorities detained a suspected administrator of LeakBase, a major online marketplace for stolen data, including banking information, login credentials and corporate documents obtained through hacking operations. The arrest followed a coordinated international operation earlier this month targeting LeakBase’s infrastructure.