Tuesday, November 12, 2024
HomeCyber security CourseRussian TrickBot Malware Developer Pleaded Guilty

Russian TrickBot Malware Developer Pleaded Guilty

Published on

Malware protection

Vladimir Dunaev, a resident of Amur Blast and aged 40, has confessed to creating and distributing Trickbot malware. The purpose of the malware was to launch cyberattacks against various American hospitals and companies.

Trickbot has a collection of malware tools created to steal money and make ransomware deployment easier. Among the millions of Trickbot victims who lost tens of millions of dollars were hospitals, schools, and companies. Notably, Trickbot was taken down in 2022.

The malware was utilized to support many ransomware strains when it was operational, and it served as an initial intrusion vector into victim computer systems.

- Advertisement - SIEM as a Service

The U.S. Justice Department said Dunaev contributed specialized skills and technical expertise to support the Trickbot scheme. He pled guilty to charges of computer fraud, identity theft, and conspiring to commit bank and wire fraud.

Dunaev Misused Special Skills to Develop Trickbot Suite Of Malware

Dunaev developed malicious tools and browser modifications that made it easier to access credentials and mine data from compromised systems. 

He also developed program code that made it harder for legitimate security software to detect the Trickbot malware.

Using ransomware deployed by Trickbot, 10 victims in the Northern District of Ohio—including Avon schools and a real estate company in North Canton—were scammed out of about $3.4 million during Dunaev’s operation.

Document
Run Free ThreatScan on Your Mailbox

AI-Powered Protection for Business Email Security

Trustifi’s Advanced threat protection prevents the widest spectrum of sophisticated attacks before they reach a user’s mailbox. Try Trustifi Free Threat Scan with Sophisticated AI-Powered Email Protection .

“As set forth in the plea agreement, Vladimir Dunaev misused his special skills as a computer programmer to develop the Trickbot suite of malware,” said U.S. Attorney Rebecca C. Lutzko for the Northern District of Ohio.

“Dunaev and his co defendants hid behind their keyboards, first to create Trickbot, then using it to infect millions of computers worldwide — including those used by hospitals, schools, and businesses — invading privacy and causing untold disruption and financial damage”.

Dunaev was brought to the Northern District of Ohio in 2021 from the Republic of Korea and entered a guilty plea to charges of conspiring to commit bank and wire fraud, identity theft, and computer fraud.

The Sentencing

He will be sentenced on March 20, 2024, and the maximum term for both charges is 35 years in prison.

Dunaev and eight other defendants were accused in the initial indictment returned in the Northern District of Ohio for their claimed roles in developing, deploying, managing, and profiting from Trickbot.

One of Dunaev’s associates, Alla Witte, a Latvian national and developer of the Trickbot malware, pleaded to conspiracy to conduct computer fraud in June and was given a two-year and eight-month prison sentence.

Additionally, financial sanctions were imposed on some alleged Trickbot members by the Treasury Department’s Office of Foreign Assets Control (OFAC) in February and September.

“Dunaev’s guilty plea and our collaboration with South Korea that made his extradition possible are a prime example of what we can accomplish together with our foreign partners,” said Acting Assistant Attorney General Nicole M. Argentieri of the Justice Department’s Criminal Division.

 “Cybercriminals should know that countries around the world stand ready to bring them to justice and hold them accountable for their crimes.”

Gurubaran
Gurubaran
Gurubaran is a co-founder of Cyber Security News and GBHackers On Security. He has 10+ years of experience as a Security Consultant, Editor, and Analyst in cybersecurity, technology, and communications.

Latest articles

10 Best DNS Management Tools – 2025

Best DNS Management Tools play a crucial role in efficiently managing domain names and...

Sweet Security Announces Availability of its Cloud Native Detection & Response Platform on the AWS Marketplace

Customers can now easily integrate Sweet’s runtime detection and response platform into their AWS...

Researchers Detailed Credential Abuse Cycle

Cybercriminals exploit leaked credentials, obtained through various means, to compromise systems and data, enabling...

New Android Malware SpyAgent Taking Screenshots Of User’s Devices

SpyAgent, a newly discovered Android malware, leverages OCR technology to extract cryptocurrency recovery phrases...

Free Webinar

Protect Websites & APIs from Malware Attack

Malware targeting customer-facing websites and API applications poses significant risks, including compliance violations, defacements, and even blacklisting.

Join us for an insightful webinar featuring Vivek Gopalan, VP of Products at Indusface, as he shares effective strategies for safeguarding websites and APIs against malware.

Discussion points

Scan DOM, internal links, and JavaScript libraries for hidden malware.
Detect website defacements in real time.
Protect your brand by monitoring for potential blacklisting.
Prevent malware from infiltrating your server and cloud infrastructure.

More like this

New Android Malware SpyAgent Taking Screenshots Of User’s Devices

SpyAgent, a newly discovered Android malware, leverages OCR technology to extract cryptocurrency recovery phrases...

HookBot Malware Use Overlay Attacks Impersonate As Popular Brands To Steal Data

The HookBot malware family employs overlay attacks to trick users into revealing sensitive information...

ToxicPanda Banking Malware Attacking Banking Users To Steal Logins

Recent research has uncovered a new strain of malware developed for Android devices, initially...