Russian national Vladimir Dunaev has been sentenced to 5 years and 4 months in prison for his role in developing and distributing the TrickBot malware used in attacks against hospitals, companies, and individuals worldwide.
According to court documents, the 40-year-old (also known as FFX) oversaw the development of the malware's browser injection component.
In September 2021, Dunaev was arrested while attempting to leave South Korea, where he had been stranded for over a year because of COVID-19 travel restrictions and an expired passport. His extradition to the United States was completed on October 20, 2021.
After his arrest, he pleaded guilty to conspiring to commit computer fraud and identity theft, as well as conspiring to commit wire and bank fraud, facing a maximum combined sentence of 35 years in prison for the two offenses.
The initial indictment accused Dunaev and eight co-defendants of developing, deploying, and administering the TrickBot malware operation and of profiting from it.
“Dunaev developed malicious ransomware and deployed it to attack American hospitals, schools, and businesses in the Northern District of Ohio and throughout our nation, all while hiding behind his computer,” said US Attorney Rebecca C. Lutzko.
“He and his co-defendants caused immeasurable disruption and financial damage, maliciously infecting millions of computers worldwide, and Dunaev will now spend over five years behind bars as a result.”
TrickBot arrests and sanctions
Dunaev began working for the TrickBot malware syndicate as a developer in June 2016, following a recruitment process that required him to write a SOCKS server application and modify the Firefox browser for malware delivery.
The TrickBot malware he helped develop enabled cybercriminals to harvest sensitive information from infected victims (such as login credentials, credit card data, emails, passwords, social security numbers, and addresses) and to siphon funds from victims' bank accounts.
Dunaev is the second TrickBot developer prosecuted by the US Department of Justice, after Latvian national Alla Witte (aka Max) was arrested in February 2021 and charged with helping develop the module used to deploy ransomware on compromised networks.
In February and September, the US and the UK sanctioned 18 Russians linked to the TrickBot and Conti cybercrime gangs for their involvement in extorting at least $180 million, warning that some TrickBot members were also associated with Russian intelligence services.
TrickBot's evolution and Conti links
Initially focused on stealing banking credentials when it emerged in 2015, TrickBot quickly evolved into a modular tool used by cybercrime organizations (including the Ryuk and Conti ransomware operations) to gain initial access to corporate networks.
The malware survived several takedown attempts, after which the Conti cybercrime group took control of it and used it to develop more advanced and stealthier malware such as Anchor and BazarBackdoor.
However, in the wake of Russia's invasion of Ukraine, a Ukrainian researcher leaked Conti's internal communications online, exposing its links to the TrickBot operation.
An anonymous party (TrickLeaks) later disclosed additional information about the TrickBot gang, shedding further light on its ties to Conti.
These disclosures ultimately accelerated Conti's shutdown; the gang fragmented into other ransomware groups now tracked as Royal, Black Basta, and ZEON.