How cybercriminals used hacked accounts and fake documents to steal millions in Uzbekistan
Cybercriminals in Uzbekistan have used hacked Telegram accounts, fake law enforcement identities and malicious software to target senior officials and ordinary citizens alike, stealing millions of soums through sophisticated social engineering schemes, according to court documents reviewed by Kun.uz.
One of the most notable incidents occurred on December 3, 2025, when cybercriminals gained control of the Telegram account of Gijduvon District Governor Farkhod Umarov. Messages requesting short-term loans were then sent to his contacts. Because the requests appeared to come directly from the governor's account, more than a dozen people transferred money to bank cards specified by the fraudsters, sending over UZS 80 million within a few hours.
The case is part of a broader pattern of attacks that has recently prompted ministries, state committees and other government agencies to warn employees about fake Telegram accounts impersonating senior officials.
For example, staff members of the Customs Committee received messages purportedly from Committee Chairman Akmal Khojamkulov, claiming that an investigator from the Anti-Corruption Agency would soon contact them regarding a confidential internal investigation. The committee later confirmed that the account was fake and urged employees not to trust such messages.
Similar warnings have also been issued by the Ministry of Sports, the Academy of Sciences, Hududiy Elektr Tarmoqlari JSC, and several other institutions.
How the scheme worked
Court materials show that one of the fraud attempts targeted Rohilakhon Otayeva, deputy chairperson of the Bukhara Regional Election Commission, on December 1, 2025.
She first received a Telegram message from an account impersonating Zayniddin Nizamkhojayev, chairman of the Central Election Commission, informing her that an internal investigation was underway following the alleged leak of employees' personal data. The message claimed that a State Security Service officer would soon contact her and instructed her not to disclose the matter to anyone.
Otayeva found the message suspicious because the Central Election Commission does not communicate with regional officials in that manner. Soon afterward, she received a phone call from an unknown number. The caller introduced herself as Major Tolganoy Erjanova of the State Security Service and claimed to have received authorization from the commission chairman to question her.
Minutes later, another Telegram account sent her a short video showing a woman in uniform displaying what appeared to be an official identification card. The caller insisted on speaking Russian, explaining that the investigation was being conducted jointly with Russian security services.
Otayeva refused to continue the conversation.
The fraudsters did not stop there. Another individual identifying himself as Dmitry Akhmedov, allegedly a lawyer from the Central Bank, claimed that six loans totaling more than UZS 400 million had been issued in her name and that the funds had allegedly been transferred to Russia and could have been used to finance terrorist organizations.
Shortly afterward, she received PDF files through a Telegram bot masquerading as a Central Bank service, listing the alleged loans.
The pressure ceased the following day, but her mobile phone began malfunctioning.
Believing that taking out a legitimate online loan might prevent fraudsters from obtaining loans in her name, Otayeva applied for an online loan of UZS 98.2 million through a banking application. Investigators later determined that the cybercriminals had already gained remote control of her phone through the malicious PDF file, allowing them to transfer the funds to a bank card belonging to another individual.
The governor who unknowingly asked for loans
The same group later compromised the Telegram account of Gijduvon District Governor Farkhod Umarov by sending him a malicious file disguised as a program titled "Samaya luchshaya mama" ("The Best Mom"). Opening the link gave the attackers full control of his account.
Using the governor's profile, the fraudsters sent messages to his contacts requesting UZS 7 million as a short-term loan, promising to repay it the following morning.
More than 10 people fell victim to the scam, including the assistant to the governor of Vobkent district, a senior specialist from the Bukhara Regional Treasury Department, the director of the Gijduvon Free Economic Zone, the head of a local company, and officials from the district Youth Affairs Department and the district office of the Cadastral Agency. Together, they transferred more than UZS 80 million.
One victim later told investigators that the first message appeared entirely credible because it came from Umarov's genuine Telegram account. Suspicion arose only after a second request arrived in the Latin script instead of Cyrillic.
The stolen money was transferred to bank cards registered in the names of several individuals, including Elyor Otaboyev, Hamdam Qadamov, Dildora Qurbonova, Maftuna Vohidova and Mirjalol Akhmedov.
The role of "drop" bank cards
Investigators found that the fraudsters relied on so-called "drop" bank cards opened in the names of other people in exchange for payment.
According to the case materials, several individuals opened up to 10 bank cards each and handed them over to the criminal network. Russian citizen Ivan Kornilov allegedly paid each participant $300 for the service.
The cardholders told investigators they believed the accounts would be used to process payments related to online betting platforms and were unaware that the accounts would be used to move proceeds from cyber fraud.
Russian nationals identified as organizers
Court documents identify Russian citizens Ivan Kornilov and Yegor Kuznetsov as the organizers of the scheme.
One defendant, a 26-year-old resident of Samarkand identified only as A.I., testified that he met Kornilov on a flight from Moscow to Samarkand in August 2025. After remaining in Samarkand for about a month, Kornilov later returned with Kuznetsov and offered A.I. a job.
According to his testimony, the pair explained that they operated cryptocurrency exchange activities and needed people to open "drop" bank cards. The scheme involved withdrawing money received on those cards in cash before converting it into cryptocurrency and transferring it to the organizers.
Investigators believe the money obtained through hacked Telegram accounts and fraudulent online loans was funneled through these cards. Kuznetsov allegedly handled the hacking of Telegram accounts and impersonated State Security Service officers through internet-based phone calls.
Court verdict
Law enforcement agencies eventually uncovered the operation and detained the suspects. Several criminal cases were opened against those involved.
The portion of the case concerning A.I. was heard separately, with the verdict delivered on June 15. He was convicted on 17 counts, including episodes involving the Gijduvon district governor and the deputy chairperson of the Bukhara Regional Election Commission.
The court found him guilty of fraud, violations of legislation on personal data, and the creation, use and distribution of malicious software under the Criminal Code. He was sentenced to two years and one month of restricted liberty.
According to the court, all financial losses suffered by the victims have been fully compensated.
Related News
16:25 / 10.07.2026
Police investigate illegal cryptocurrency trading worth UZS 2.8 billion
11:47 / 10.07.2026
Three suspected cyber fraudsters arrested in Navoi over UZS 336 million theft scheme
15:06 / 08.07.2026
Tashkent police dismantle cyber fraud network targeting Europeans and North Americans
11:51 / 07.07.2026