Russian Developer Pleads Guilty to Trickbot Conspiracy

A Russian man has pleaded guilty to charges connected to his involvement in the infamous Trickbot malware.

Vladimir Dunaev, 40, of Amur Oblast, was indirectly responsible for cyber-attacks on hospitals, schools and businesses that resulted in tens of millions of dollars in losses.

Trickbot was modular malware designed to steal credentials, install backdoors and much more. It played a major role in providing initial access for ransomware groups such as Ryuk and Conti.

Dunaev developed browser modifications and malicious tools to help with harvesting credentials and other data from infected computers, according to the Department of Justice (DoJ). He also “facilitated and enhanced” the remote access used by Trickbot actors and created code to prevent Trickbot being detected by security software.

“As set forth in the plea agreement, Vladimir Dunaev misused his special skills as a computer programmer to develop the Trickbot suite of malware,” said US attorney Rebecca Lutzko for the Northern District of Ohio.

“Dunaev and his co-defendants hid behind their keyboards, first to create Trickbot, then using it to infect millions of computers worldwide – including those used by hospitals, schools, and businesses – invading privacy and causing untold disruption and financial damage.”

Dunaev was extradited to the US from South Korea in 2021. He pleaded guilty to conspiracy to commit computer fraud and identity theft, and conspiracy to commit wire fraud and bank fraud. He’s due to be sentenced on March 20 2024, and faces a maximum penalty of 35 years in prison on both counts.

One of Dunaev’s co-conspirators and fellow Trickbot malware developer, Alla Witte, pleaded guilty to conspiracy to commit computer fraud back in June and was sentenced to two years and eight months in prison.

Although the Trickbot operation was successfully disrupted by the US authorities, many members are believed still to be at large. In February and September this year, the Treasury Department’s Office of Foreign Assets Control (OFAC) issued financial sanctions against several suspects.
