A Russian national pleaded guilty in federal court in Cleveland on Thursday to charges related to his involvement in developing and deploying the malicious software known as Trickbot. He faces a maximum penalty of 35 years, the U.S. Department of Justice said.
According to court documents, Vladimir Dunaev, 40, was a member of a cybercriminal organization that deployed Trickbot to steal money and install ransomware on victims’ computers. The group’s victims — including hospitals, schools, and businesses in the U.S. — suffered tens of millions of dollars in losses.
Trickbot, which was taken down last year, is believed to have stolen more than $180 million worldwide. Dunaev was extradited from South Korea to the U.S. in 2021.
Dunaev was actively involved in Trickbot’s operation, the DOJ said. In particular, he created browser modifications and malicious tools to harvest credentials and mine data from infected computers. He also improved remote access for Trickbot actors and developed a code to evade detection by legitimate security software.
“Dunaev and his codefendants hid behind their keyboards, first to create Trickbot, then using it to infect millions of computers worldwide… invading privacy and causing untold disruption and financial damage,” DOJ statement said.
Ten victims in the Northern District of Ohio, including Avon schools and a North Canton real-estate company, were defrauded of more than $3.4 million via ransomware deployed by Trickbot while Dunaev was involved in the operation, prosecutors said.
In June, one of Dunaev’s co-conspirators, Alla Witte — a Trickbot malware developer and Latvian national — pleaded guilty and was sentenced to two years and eight months in prison.
In February and September, the U.S. and U.K. also issued financial sanctions on 18 other members of Trickbot, freezing their assets and imposing travel bans.
The individuals targeted by the sanctions “include key actors involved in management and procurement for the Trickbot group, which has ties to Russian intelligence services,” according to the U.S. Treasury.
Recorded Future
Intelligence Cloud.
No previous article
No new articles
Daryna Antoniuk
is a freelance reporter for Recorded Future News based in Ukraine. She writes about cybersecurity startups, cyberattacks in Eastern Europe and the state of the cyberwar between Ukraine and Russia. She previously was a tech reporter for Forbes Ukraine. Her work has also been published at Sifted, The Kyiv Independent and The Kyiv Post.
