A Syrian man has pleaded guilty to charges of helping the Syrian Electronic Army (SEA) extort cash from hacking victims.
Court papers reveal that Peter Romar offered to aid the SEA after it carried out hack attacks on US firms and organisations.
He helped run a campaign of extortion, seeking cash from firms for the return of stolen documents.
Mr Romar faces a maximum penalty of five years in jail.
“Cybercriminals cannot hide from justice,” said Dana Boente, US attorney for the Eastern District of Virginia where Romar appeared in court.
Romar is believed to have played his part in the SEA extortion and hacking campaign from Germany where he had emigrated after leaving Syria. His location helped funnel extorted cash to the SEA, which could not receive money directly from victims because of financial sanctions imposed on Syria because of the continuing conflict.
Not all of the money taken was passed on to the SEA, said the FBI in a statement adding that the conspirators also used it to enrich themselves.
The campaign of extortion lasted about six months before German police arrested Romar in mid-2014. He was extradited to the US soon afterwards.
Firas Dardar, the SEA insider with whom Romar worked, remains at large and is believed to currently live in the Syrian city of Homs. He, and another SEA hacker Amad Umar Agha, were put on the FBI’s most wanted cybercriminals list in early 2016. The FBI is offering a reward of up to $100,000 (£77,100) for information about their whereabouts.
The SEA said it was acting in support of President Bashar al-Assad saying it sought to counter “fabricated news” broadcast by Arab and Western media.
Romar will be sentenced on 21 October.