The U.S. Department of Justice (DoJ) announced that Vladimir Dunaev, a 40-year-old Russian national, has pleaded guilty in connection with his involvement in creating and deploying the TrickBot malware.
Dunaev, apprehended in South Korea in September 2021 and extradited to the U.S., was found to have developed browser modifications and malicious tools that facilitated credential harvesting, data mining, and enhanced remote access for TrickBot actors. He also devised code to evade detection by legitimate security software.
The DoJ revealed that Dunaev’s activities led to over $3.4 million in losses for victims in the Northern District of Ohio, including Avon schools and a North Canton real-estate company, via ransomware deployed by TrickBot.
Dunaev pleaded guilty to computer fraud, identity theft, conspiracy to commit wire fraud, and bank fraud. He faces a maximum sentence of 35 years in prison, with sentencing scheduled for March 20, 2024. He is the second TrickBot gang malware developer convicted, after Alla Witte, a Latvian national sentenced to two years and eight months in prison in June 2023.
This development followed the U.K. and U.S. governments’ sanctioning of 11 individuals suspected of being part of the TrickBot cybercrime group a few months earlier.
TrickBot, which originated as a banking trojan in 2016, evolved into a versatile tool for delivering additional payloads and facilitating initial access for ransomware attacks.
Following Russia’s invasion of Ukraine, Conti ransomware took control of TrickBot, but both groups suffered significant setbacks after Conti’s allegiance to Russia led to leaks (ContiLeaks and TrickLeaks) divulging internal information, resulting in Conti’s shutdown and fragmentation into multiple factions.