U.K. and U.S. impose sanctions on 11 alleged TrickBot cybercrime gang members with Russian ties

London/Washington, D.C. – In a joint effort to combat cybercrime, the United Kingdom and the United States have imposed sanctions on 11 individuals suspected to be part of the notorious Russia-based TrickBot cybercrime gang. These sanctions come as a response to the gang’s long-standing involvement in cyberattacks targeting both governments and private sector organizations.

The U.S. Treasury Department has stated that TrickBot has strong ties to Russian intelligence services and has been responsible for targeting U.S. government entities, including hospitals, along with various U.S. companies.

The sanctioned individuals, all Russian nationals, are believed to have played various roles within the TrickBot organization, from administration and development to finance and human resources. Among them are:

  1. Andrey Zhuykov (aka Adam, Defender, and Dif) – Senior Administrator
  2. Maksim Sergeevich Galochkin (aka Bentley, Crypt, Manuel, Max17, and Volhvb) – Software Development and Testing
  3. Maksim Rudenskiy (aka Binman, Buza, and Silver) – Team Lead for Coders
  4. Mikhail Tsarev (aka Alexander Grachev, Fr*ances, Ivanov Mixail, Mango, Misha Krutysha, Nikita Andreevich Tsarev, and Super Misha) – Human Resources and Finance
  5. Dmitry Putilin (aka Grad and Staff) – Purchase of TrickBot Infrastructure
  6. Maksim Khaliullin (aka Kagas) – HR Manager
  7. Sergey Loguntsov (aka Begemot, Begemot_Sun, and Zulas) – Developer
  8. Vadym Valiakhmetov (aka Mentos, Vasm, and Weldon) – Developer
  9. Artem Kurov (aka Naned) – Developer
  10. Mikhail Chernov (aka Bullet and m2686) – Part of the Internal Utilities Group
  11. Alexander Mozhaev (aka Green and Rocco) – Part of the Team Responsible for General Administrative Duties

The U.K. government has emphasized that these individuals operated with anonymity, hiding behind online pseudonyms and monikers, which posed a significant challenge to law enforcement efforts. Removing this anonymity is seen as a crucial step in combating their criminal activities that threaten the security of both countries.

This marks the second time in seven months that the U.K. and U.S. have imposed sanctions on Russian nationals affiliated with the TrickBot cybercrime gang, as well as other groups like Ryuk and Conti.

Coinciding with these sanctions, indictments have been unsealed against nine defendants linked to the TrickBot malware and Conti ransomware schemes, with seven of them being among the newly sanctioned individuals. Dmitry Pleshevskiy, one of those sanctioned earlier this year, has denied any involvement in TrickBot activities, stating that he used an online alias for freelance programming tasks.

TrickBot, which originated in 2016 as an evolution of the Dyre banking trojan, has grown into a sophisticated and modular malware suite. This allows the gang to deploy various types of cyberattacks, including ransomware, with a level of professionalism that mimics a legitimate enterprise.

The Conti ransomware cartel, into which TrickBot was absorbed in early 2022, formally disbanded in May 2023 following a series of leaks that exposed their activities. These leaks, known as ContiLeaks and TrickLeaks, provided significant insights into the group’s operations, including internal chats, infrastructure details, and more.

According to the U.K. National Crime Agency (NCA), TrickBot is estimated to have extorted at least $180 million from victims worldwide, with £27 million coming from 149 victims in the U.K. Despite ongoing efforts to disrupt Russian cybercriminal activity through sanctions and indictments, these threat actors continue to adapt and operate under different names to evade authorities, emphasizing the need for continued vigilance in the fight against cybercrime.
