Russian cybercriminal pleaded guilty to involvement in Trickbot malware scheme
On November 30, 2023, Russian national, Vladimir Dunaev, pleaded guilty to charges connected to his involvement in the development and deployment of Trickbot malware.
Trickbot, as defined by the Cybersecurity & Infrastructure Security Agency, or CISA, is a sophisticated Trojan, developed and designed by Russian cybercriminals, to steal financial data primarily through the use of phishing emails. Originally created in 2016, Trickbot evolved from a banking credential scam to a “suite of malware tools designed to steal money and facilitate the installation of ransomware.” Trickbot, steals information like financial account details and banking passwords, has caused its victims across the globe millions of dollars in losses. Earlier this year, the Office of Foreign Assets Control, OFAC, issued financial sanctions against multiple suspected Trickbot members, freezing their assets and imposing travel bans.
According to the Department of Justice, Dunaev “provided specialized services and technical abilities” in furtherance of Trickbot attacks against U.S. hospitals, schools, and other companies. Specifically, he created “browser modifications and malicious tools” to harvest credentials and mine data “from infected computers.” Dunaev also “enhanced the remote access used by Trickbot actors,” and developed a program code allowing Trickbot malware to evade “legitimate security software.” Due to Dunaev’s active involvement in the Trickbot operation, 10 victims in the Northern District of Ohio, including a school and a real-estate company, were defrauded of more than $3.4 million via ransomware deployed by Trickbot.
In 2021, the DOJ’s Office of International Affairs coordinated with the International Criminal Affairs Division of the South Korean Ministry of Justice to extradite Dunaev from South Korea to Ohio for prosecuting. As set forth in the plea agreement, he pleaded guilty to “conspiracy to commit computer fraud and identity theft and conspiracy to commit wire fraud and bank fraud.” Dunaev is scheduled for sentencing on March 20, 2024, and could face up to 35 years in prison on both counts.
In June 2023, one of Dunaev’s Trickbot co-conspirators, Alla Witte, also pleaded guilty to conspiracy to commit computer fraud and was sentenced to two years and eight months incarceration after being extradited from Suriname. According to the DOJ, the FBI Cleveland Field Office is still investigating the case.
If you have questions about your company’s compliance with cyber regulations, concerns about vulnerability to a ransomware attack or other breach, or if you want to learn more about proactive cybersecurity defense, contact a member of McDonald Hopkins' national data privacy and cybersecurity team.