Russian TrickBot Mastermind Gets 5-Year Prison Sentence for Cybercrime Spree

26.01.2024

Russian national Vladimir Dunaev, aged 40, has been sentenced to a prison term of five years and four months for his involvement in the creation and distribution of the TrickBot malware, as reported by the U.S. Department of Justice (DoJ). This verdict follows Dunaev’s guilty plea, submitted nearly two months ago, wherein he admitted to charges of computer fraud, identity theft, and conspiracy to commit wire and bank fraud.

The DoJ disclosed that TrickBot, initially a banking trojan dating back to 2016, evolved into a versatile tool capable of deploying various payloads, including ransomware. The malware caused significant financial losses to millions of victims, including hospitals, schools, and businesses. After attempts to dismantle the botnet, TrickBot became part of the Conti ransomware operation in 2022.

The cybercrime group's allegiance to Russia during the Russo-Ukrainian war prompted the release of leaked information, known as ContiLeaks and TrickLeaks, which led to the group's shutdown in mid-2022. The group's fragmentation resulted in the emergence of multiple other ransomware and data extortion groups.

Dunaev was responsible for providing specialized services and technical expertise to advance the TrickBot scheme from June 2016 to June 2021. He developed browser modifications and malicious tools to extract credentials and sensitive data from compromised systems and to enable remote access. Additionally, he designed programs to evade detection by legitimate security software.

This sentencing update follows the imprisonment of another TrickBot developer, Alla Witte, a Latvian national, who received a two-year and eight-month sentence in June 2023.

In related news, the governments of Australia, the U.K., and the U.S. recently imposed financial sanctions on Alexander Ermakov, a Russian national affiliated with the REvil ransomware gang. Ermakov, known by various online aliases such as blade_runner and JimJones, orchestrated the 2022 attack against health insurance provider Medibank. Intel 471, a cybersecurity firm, revealed Ermakov’s involvement in cybercriminal activities, including network intrusions, malware development, and ransomware attacks. His active role in the cybercrime-as-a-service economy was evident and encompassed both legitimate and criminal software development through a software development company with which he was associated.
