Russian developer of Trickbot malware pleads guilty, faces 35-year sentence


A Russian national pleaded guilty in federal court in Cleveland on Thursday to charges related to his involvement in developing and deploying the malicious software known as Trickbot. He faces a maximum penalty of 35 years, the U.S. Department of Justice said.

According to court documents, Vladimir Dunaev, 40, was a member of a cybercriminal organization that deployed Trickbot to steal money and install ransomware on victims’ computers. The group’s victims — including hospitals, schools, and businesses in the U.S. — suffered tens of millions of dollars in losses.

Trickbot, which was taken down last year, is believed to have stolen more than $180 million worldwide. Dunaev was extradited from South Korea to the U.S. in 2021.

Dunaev was actively involved in Trickbot’s operation, the DOJ said. In particular, he created browser modifications and malicious tools to harvest credentials and mine data from infected computers. He also improved remote access for Trickbot actors and developed a code to evade detection by legitimate security software.

“Dunaev and his codefendants hid behind their keyboards, first to create Trickbot, then using it to infect millions of computers worldwide… invading privacy and causing untold disruption and financial damage,” DOJ statement said.

Ten victims in the Northern District of Ohio, including Avon schools and a North Canton real-estate company, were defrauded of more than $3.4 million via ransomware deployed by Trickbot while Dunaev was involved in the operation, prosecutors said.

In June, one of Dunaev’s co-conspirators, Alla Witte — a Trickbot malware developer and Latvian national — pleaded guilty and was sentenced to two years and eight months in prison.

In February and September, the U.S. and U.K. also issued financial sanctions on 18 other members of Trickbot, freezing their assets and imposing travel bans.

The individuals targeted by the sanctions “include key actors involved in management and procurement for the Trickbot group, which has ties to Russian intelligence services,” according to the U.S. Treasury.

Get more insights with the

Recorded Future

Intelligence Cloud.

Learn more.

No previous article

No new articles

Daryna Antoniuk
is a freelance reporter for Recorded Future News based in Ukraine. She writes about cybersecurity startups, cyberattacks in Eastern Europe and the state of the cyberwar between Ukraine and Russia. She previously was a tech reporter for Forbes Ukraine. Her work has also been published at Sifted, The Kyiv Independent and The Kyiv Post.


Leave a Reply

Your email address will not be published. Required fields are marked *

Previous Post

iPhones and Macs get patches for two vulnerabilities

Next Post

Cyber Command, NSA nominee now double-blocked

Related Posts

Researchers Uncover First Native Spectre v2 Exploit Against Linux Kernel

Cybersecurity researchers have disclosed what they say is the "first native Spectre v2 exploit" against the Linux kernel on Intel systems that could be exploited to read sensitive data from the memory. The exploit, called Native Branch History Injection (BHI), can be used to leak arbitrary kernel memory at 3.5 kB/sec by bypassing existing Spectre v2/BHI mitigations, researchers from Systems and
Read More