The US and the UK governments penalised Russian TrickBot cyber gang members for infiltrating hospitals, companies, and even the US government.
In 2020, the cybercrime group endured depredation and was involved in the Conti ransomware cartel. It operated like an authorised business with a systematic management framework.
In May 2023, Conti disbanded after a wave of leaks two months earlier, which provided critical insight into TrickBot gang members' activities. This was brought about by the group's support for Russia's war against Ukraine.
Russia, Harbour of TrickBot Cyber Gang Members
Cybercriminals, including TrickBot cyber gang members, find refuge in Russia. It seems the continuing efforts to restrain Russian cybercriminal activity with sanctions and contributions are not enough to stop them. These perpetrators keep operating under different names to evade the bans and use shared tactics to attack targets.
According to the US Treasury Department, the TrickBot group is affiliated with Russian intelligence services and has targeted the US government, hospitals, and companies.
“The individuals, all Russian nationals, operated out of the reach of traditional law enforcement and hid behind online pseudonyms and monikers. Removing their anonymity undermines the integrity of these individuals and their criminal businesses that threaten U.K. security,” said the UK government.
This is the second time in seven months that the two governments have imposed similar sanctions on Russian nationals for their links to the TrickBot, Ryuk, and Conti cybercrime syndicates.
It also coincides with the unsealing of charges against nine defendants in connection with the TrickBot malware and Conti ransomware schemes. The defendants include seven of the newly sanctioned individuals.
Living in Anonymity
The cybercrime group takes its name from the Trojan that infects a victim's computer, steals data, and demands ransoms. During the Covid-19 epidemic in 2020, TrickBot cyber gang members started infiltrating hospitals and healthcare centres across the US.
“In one instance, the TrickBot group deployed ransomware against three Minnesota medical facilities, disrupting their computer networks and telephones and causing a diversion of ambulances,” stated the Treasury Department.
The cybercriminals lived in anonymity to evade authorities and prosecution. Some of the sanctioned members were involved in management and procurement. Others worked as administrators, coders, and developers. They are subject to asset freezes and travel bans in the US and the UK.
The authorities named the cybercriminals as Mikhail Tsarev, Vadym Valiakhmetov, Mikhail Chernov, Maksim Khaliullin, Andrey Zhuykov, Sergey Loguntsov, Alexander Mozhaev, Maksim Galochkin, Artem Kurov, and Maksim Rudenskiy.