Trickbot Developer Sentenced in US

Former Trickbot developer Vladimir Dunaev, originally from the Amur Region of Russia, has been sentenced to 5 years and 4 months in prison in the United States. Dunaev’s role in infecting American hospitals and businesses with carriers and other harmful software resulted in tens of millions of dollars in losses for the victims. Dunaev pleaded guilty in court on November 30 to two counts: conspiracy to commit computer fraud and conspiracy to commit fraud using electronic communications. [1]

From June 2016 to June 2021, Dunaev worked as a developer for a criminal group, providing specialized services and technical skills. His responsibilities included recruiting other developers, purchasing and managing servers for the deployment and operation of Trickbot, encrypting the malware to evade antivirus programs, conducting spam and phishing attacks, and laundering stolen funds. Dunaev also implemented a feature to steal account credentials from victims’ browsers. [2]

In particular, Dunaev developed modifications for the popular browsers Firefox and Chrome using each browser’s open-source code base. This allowed Trickbot participants to steal passwords, account credentials, and other information. [2]

According to court documents, from October 2018 to February 2021 the group defrauded victims of more than $3.4 million. The gang, known as the “Russian Kybercrime Gang,” extorted at least $180 million from individuals and organizations worldwide, according to the UK’s National Crime Agency. [3]

Dunaev was extradited to the United States from South Korea in 2021. Initially, Dunaev and six others were accused of developing, deploying, managing, and profiting from Trickbot. In June, one of the six suspects, Latvian citizen Alla Witte, pleaded guilty to conspiracy to commit computer fraud and received a sentence of 2 years and 8 months in prison. [4]

Trickbot began as a Trojan for compromising bank accounts and later expanded its functions. It served as an initial intrusion vector for various criminal activities and even assisted in the recovery of the Emotet network after it was dismantled by law enforcement agencies. Trickbot ceased to exist in 2022, but many of its developers had already joined other groups. [5]

References:

[1] – regmedia.co.uk

[2] –
