Russian TrickBot Malware Developer Pleaded Guilty

Vladimir Dunaev, a resident of Amur Blast and aged 40, has confessed to creating and distributing Trickbot malware. The purpose of the malware was to launch cyberattacks against various American hospitals and companies.

Trickbot has a collection of malware tools created to steal money and make ransomware deployment easier. Among the millions of Trickbot victims who lost tens of millions of dollars were hospitals, schools, and companies. Notably, Trickbot was taken down in 2022.

The malware was utilized to support many ransomware strains when it was operational, and it served as an initial intrusion vector into victim computer systems.

The U.S. Justice Department said Dunaev contributed specialized skills and technical expertise to support the Trickbot scheme. He pled guilty to charges of computer fraud, identity theft, and conspiring to commit bank and wire fraud.

Dunaev Misused Special Skills to Develop Trickbot Suite Of Malware

Dunaev developed malicious tools and browser modifications that made it easier to access credentials and mine data from compromised systems. 

He also developed program code that made it harder for legitimate security software to detect the Trickbot malware.

Using ransomware deployed by Trickbot, 10 victims in the Northern District of Ohio—including Avon schools and a real estate company in North Canton—were scammed out of about $3.4 million during Dunaev’s operation.

Run Free ThreatScan on Your Mailbox

AI-Powered Protection for Business Email Security

Trustifi’s Advanced threat protection prevents the widest spectrum of sophisticated attacks before they reach a user’s mailbox. Try Trustifi Free Threat Scan with Sophisticated AI-Powered Email Protection .

Run Free Threat Scan

“As set forth in the plea agreement, Vladimir Dunaev misused his special skills as a computer programmer to develop the Trickbot suite of malware,” said U.S. Attorney Rebecca C. Lutzko for the Northern District of Ohio.

“Dunaev and his co defendants hid behind their keyboards, first to create Trickbot, then using it to infect millions of computers worldwide — including those used by hospitals, schools, and businesses — invading privacy and causing untold disruption and financial damage”.

Dunaev was brought to the Northern District of Ohio in 2021 from the Republic of Korea and entered a guilty plea to charges of conspiring to commit bank and wire fraud, identity theft, and computer fraud.

The Sentencing

He will be sentenced on March 20, 2024, and the maximum term for both charges is 35 years in prison.

Dunaev and eight other defendants were accused in the initial indictment returned in the Northern District of Ohio for their claimed roles in developing, deploying, managing, and profiting from Trickbot.

One of Dunaev’s associates, Alla Witte, a Latvian national and developer of the Trickbot malware, pleaded to conspiracy to conduct computer fraud in June and was given a two-year and eight-month prison sentence.

Additionally, financial sanctions were imposed on some alleged Trickbot members by the Treasury Department’s Office of Foreign Assets Control (OFAC) in February and September.

“Dunaev’s guilty plea and our collaboration with South Korea that made his extradition possible are a prime example of what we can accomplish together with our foreign partners,” said Acting Assistant Attorney General Nicole M. Argentieri of the Justice Department’s Criminal Division.

 “Cybercriminals should know that countries around the world stand ready to bring them to justice and hold them accountable for their crimes.”