A Russian national, who was arrested in South Korea last month and extradited to the U.S. on October 20, appeared in a federal court in the state of Ohio on Thursday to face charges for his alleged role as a member of the infamous TrickBot group.
Court documents showed that Vladimir Dunaev, 38, along with other members of the transnational, cybercriminal organization, stole money and confidential information from unsuspecting victims, including individuals, financial institutions, school districts, utility companies, government entities, and private businesses.
Starting its roots as a banking trojan in 2016, TrickBot has evolved into a modular, multi-stage Windows-based crimeware solution capable of pilfering valuable personal and financial information, and even dropping ransomware and post-exploitation toolkits on compromised devices. The malware is also notorious for its resilience, having survived at least two takedowns spearheaded by Microsoft and the U.S. Cyber Command a year ago.
However, on the legal front, the U.S. government earlier this year charged a 55-year-old Latvian woman named Alla “Max” Witte, who the prosecutors said worked as a programmer “overseeing the creation of code related to the monitoring and tracking of authorized users of the Trickbot malware.” Dunaev is the second Trickbot defendant to be arrested in 2021.
Dunaev, specifically, is said to have worked as a developer for the group, in charge of creating, deploying, and managing the Trickbot malware beginning in November 2015, while also overseeing the malware’s execution, as well as designing Firefox web browser modifications and helping to hide the malware from detection by security software.
In early September, South Korean media outlets reported the arrest of Dunaev (then identified only as “Mr. A”) at the Incheon International Airport when attempting to depart for Russia after being stranded in the country for over a year due to COVID-19. The suspect, who arrived in February 2020, also had his passport expired in the interim period, forcing him to stay in a hotel while awaiting for a replacement.
But once the passport was re-issued, the defendant tried to leave for his native home in Russia, leading to his arrest pursuant to an extradition request from the U.S. Dunaev has been charged with conspiracy to commit computer fraud and aggravated identity theft, conspiracy to commit wire and bank fraud, conspiracy to commit money laundering, and multiple counts of wire fraud, bank fraud, and aggravated identity theft.
If found guilty on all counts, the defendant faces a total prison term of 60 years.
“Trickbot attacked businesses and victims across the globe and infected millions of computers for theft and ransom, including networks of schools, banks, municipal governments, and companies in the health care, energy, and agriculture sectors,” said Deputy Attorney General Lisa O. Monaco in a statement.
“This is another success for the Department’s recently launched Ransomware and Digital Extortion Task Force in dismantling ransomware groups and disrupting the cybercriminal ecosystem that allows ransomware to exist and to threaten our critical infrastructure,” O. Monaco added.