Authorities have imposed sanctions on 11 alleged members of the cybercriminal organization, while the U.S. Department of Justice has filed three federal indictments against nine people accused of being members of the organization.
The U.S. Treasury Department and the British Foreign Office today announced sanctions against 11 individuals suspected of involvement in the Trickbot cybercrime gang. The U.S. Department of Justice also indicted nine people allegedly associated with Trickbot and its sister group Conti. Seven of those nine are also on today’s sanctions list.
In recent years, U.S. and British law enforcement have partnered with officials around the world in an effort to stop cybercrime, particularly ransomware attacks and those launched by Russian attackers. Trickbot, a notorious and prolific gang, has been specifically targeted in these operations on several occasions. In February this year, the United States and the United Kingdom announced sanctions and prosecuted seven suspected Trickbot actors.
The new round of sanctions includes Trickbot members accused of serving as coders and administrators for the organization, as well as senior employees, development team leaders, and human resources and finance managers. The sanctions also name Trickbot’s head of malware and technical infrastructure testing, Maksim Galochkin, who goes by the nickname Bentley, among others. Wired identified Galochkin last week as part of a broader investigation into Trickbot and its operations.
The Justice Department announced three indictments today, including those against Galochkin. An indictment in the Northern District of Ohio, filed on June 15, alleges that he and 10 other alleged Trickbot members “conspired to use Trickbot malware to steal money as well as personal and confidential information from unsuspecting victims,” including businesses and financial institutions located in the United States, in every state and around the world, starting in November 2015. This timeline means the charges relate to essentially all Trickbot activity since the group’s inception.
An indictment filed in the Middle District of Tennessee on June 12 accuses Galochkin and three others of using Conti ransomware to target “U.S. businesses, nonprofits, and governments” between 2020 and June 2022. The third indictment, filed in the Southern District of California on June 14, accuses Galochkin in connection with the Conti ransomware attack on Scripps Health on May 1, 2021.
“Today’s announcement demonstrates our continued commitment to bringing to justice the most egregious cybercriminals who commit crimes [causing] harm to the American public, our hospitals, schools and businesses,” FBI Director Christopher Wray said in a statement Thursday. “Cybercriminals know that we will use every legal tool at our disposal to identify them, pursue them relentlessly, and disrupt their criminal operations. Together with our federal and international partners, we will continue to impose costs through joint operations, no matter where these criminals may be trying to hide.”
It is difficult for law enforcement around the world to make progress in curbing cybercriminal activity, especially when criminals are located in countries such as Russia that allow them to operate with impunity. But independent researchers say enacting public accountability does have an impact on individuals and the wider crime landscape.
Cybercriminals “often believe they can conduct cyberattacks on companies and individuals anonymously,” said Landon Winkelvoss, vice president of research at digital intelligence firm Nisos. The company conducted a detailed investigation into Bentley’s real-world identity at WIRED’s request. But “they all make mistakes, and the nature of their crimes requires that their digital footprints be in the wild.”
Winkelvoss noted that while cybercriminals have developed systematic strategies to keep their operations secure and stay out of the spotlight, their efforts to remain invisible are far from foolproof.
“Reusing command and control infrastructure servers and selectors like email addresses and phone numbers is often the fastest return on investment,” Winkelvoss said. “Unfortunately for them, this makes their disclosure relatively simple, especially when law enforcement and private industry [have] much more public data than them.”