A Russian national alleged to be a member of the Trickbot hacking group has been extradited to the United States from South Korea. He is charged with offenses related to computer fraud, bank fraud, wire fraud, money laundering, and identity theft.
Vladimir Dunaev, the accused, appeared in a federal court in Ohio, CyberScoop reported. He is the second person accused of being part of the Trickbot hacking group. He now faces a maximum penalty of 60 years in federal prison.
Trickbot Malware and other authors
As per the Department of Homeland Security’s Cybersecurity and Infrastructure Security Agency, TrickBot malware is a “highly modular, multi-stage malware that provides its operators a full suite of tools to conduct a myriad of illegal cyber activities”. Dunaev allegedly managed the malware’s execution, developed browser modifications, and helped it conceal itself from security software.
Fearing that the Trickbot malware and its associated botnets might facilitate ransomware attacks against election IT infrastructure, the U.S. government and Microsoft worked in 2020 to disable its ability to attack American targets.
Earlier, in June, U.S. prosecutors unsealed an indictment revealing that a Latvian woman, Alla Witte, developed the code behind the malware. Law enforcement arrested her in Miami in February and produced her before a federal court in June.
Deputy Attorney General Lisa Monaco credited it as a success for the Department of Justice’s ransomware task force.
The Trickbot gang is still at large
According to the indictment, the gang has at least 17 members, each with a specific role in operating the malware, Bleeping Computer reported. The gang initially focused on stealing banking credentials using keyloggers. Later, it developed a modular malware that could also distribute other threats, such as ransomware.
The malware has reportedly impacted businesses in the U.S., U.K., Australia, India, Spain, Russia, Canada, Germany, Italy, and Mexico.
The U.S. is on the offensive against hacking groups
The U.S., along with other countries, is on the offensive against hacking groups. After multiple ransomware attacks on different businesses, including critical sectors such as the Colonial Pipeline, it has started to take them down one by one. It has already issued guidance to investigate ransomware attacks and terrorist attacks alike.
Recently, it hacked into the REvil ransomware group’s servers and forced them offline.