Cyber security Course

Russian TrickBot Malware Developer Pleaded Guilty

Vladimir Dunaev, a resident of Amur Blast and aged 40, has confessed to creating and distributing Trickbot malware. The purpose of the malware was to launch cyberattacks against various American hospitals and companies.

Trickbot has a collection of malware tools created to steal money and make ransomware deployment easier. Among the millions of Trickbot victims who lost tens of millions of dollars were hospitals, schools, and companies. Notably, Trickbot was taken down in 2022.

The malware was utilized to support many ransomware strains when it was operational, and it served as an initial intrusion vector into victim computer systems.

The U.S. Justice Department said Dunaev contributed specialized skills and technical expertise to support the Trickbot scheme. He pled guilty to charges of computer fraud, identity theft, and conspiring to commit bank and wire fraud.

Dunaev Misused Special Skills to Develop Trickbot Suite Of Malware

Dunaev developed malicious tools and browser modifications that made it easier to access credentials and mine data from compromised systems. 

He also developed program code that made it harder for legitimate security software to detect the Trickbot malware.

Using ransomware deployed by Trickbot, 10 victims in the Northern District of Ohio—including Avon schools and a real estate company in North Canton—were scammed out of about $3.4 million during Dunaev’s operation.

Run Free ThreatScan on Your Mailbox

AI-Powered Protection for Business Email Security

Trustifi’s Advanced threat protection prevents the widest spectrum of sophisticated attacks before they reach a user’s mailbox. Try Trustifi Free Threat Scan with Sophisticated AI-Powered Email Protection .

“As set forth in the plea agreement, Vladimir Dunaev misused his special skills as a computer programmer to develop the Trickbot suite of malware,” said U.S. Attorney Rebecca C. Lutzko for the Northern District of Ohio.

“Dunaev and his co defendants hid behind their keyboards, first to create Trickbot, then using it to infect millions of computers worldwide — including those used by hospitals, schools, and businesses — invading privacy and causing untold disruption and financial damage”.

Dunaev was brought to the Northern District of Ohio in 2021 from the Republic of Korea and entered a guilty plea to charges of conspiring to commit bank and wire fraud, identity theft, and computer fraud.

The Sentencing

He will be sentenced on March 20, 2024, and the maximum term for both charges is 35 years in prison.

Dunaev and eight other defendants were accused in the initial indictment returned in the Northern District of Ohio for their claimed roles in developing, deploying, managing, and profiting from Trickbot.

One of Dunaev’s associates, Alla Witte, a Latvian national and developer of the Trickbot malware, pleaded to conspiracy to conduct computer fraud in June and was given a two-year and eight-month prison sentence.

Additionally, financial sanctions were imposed on some alleged Trickbot members by the Treasury Department’s Office of Foreign Assets Control (OFAC) in February and September.

“Dunaev’s guilty plea and our collaboration with South Korea that made his extradition possible are a prime example of what we can accomplish together with our foreign partners,” said Acting Assistant Attorney General Nicole M. Argentieri of the Justice Department’s Criminal Division.

 “Cybercriminals should know that countries around the world stand ready to bring them to justice and hold them accountable for their crimes.”

Guru baran

Gurubaran is a co-founder of Cyber Security News and GBHackers On Security. He has 10+ years of experience as a Security Consultant, Editor, and Analyst in cybersecurity, technology, and communications.

Recent Posts

Hackers Exploiting Docusign With Phishing Attack To Steal Credentials

Hackers prefer phishing as it exploits human vulnerabilities rather than technical flaws which make it a highly effective and low-cost…

23 hours ago

Norway Recommends Replacing SSLVPN/WebVPN to Stop Cyber Attacks

A very important message from the Norwegian National Cyber Security Centre (NCSC) says that Secure Socket Layer/Transport Layer Security (SSL/TLS)…

3 days ago

New Linux Backdoor Attacking Linux Users Via Installation Packages

Linux is widely used in numerous servers, cloud infrastructure, and Internet of Things devices, which makes it an attractive target…

3 days ago

ViperSoftX Malware Uses Deep Learning Model To Execute Commands

ViperSoftX malware, known for stealing cryptocurrency information, now leverages Tesseract, an open-source OCR engine, to target infected systems, which extracts…

3 days ago

Santander Data Breach: Hackers Accessed Company Database

Santander has confirmed that there was a major data breach that affected its workers and customers in Spain, Uruguay, and…

3 days ago

U.S. Govt Announces Rewards up to $5 Million for North Korean IT Workers

The U.S. government has offered a prize of up to $5 million for information that leads to the arrest and…

3 days ago