Russian Cybercrime Gang Trickbot Sanctioned by US, UK

The U.S. and U.K. issued joint sanctions on Thursday against seven members of the infamous Russian cybercrime group Trickbot.

Though the U.S. has previously moved against Russian cyber criminals, the Trickbot sanctions are the first of their kind for the U.K. A press release issued by the British government on Thursday said that the Trickbot sanctions were part of “the first wave of a new coordinated action against international cyber crime.”

Trickbot is a notorious Russian cybercrime gang with close ties to Russian intelligence services. According to the U.S Treasury Department, Trickbot has been coordinating its attacks to align with “Russian state objectives,” including carrying out attacks on the U.S. government. During the COVID-19 pandemic Trickbot targeted hospitals and other medical facilities with ransomware attacks.

The group’s attacks are lucrative. According to Chainalysis data, Trickbot has raked in at least $724 million in crypto, making it the second-largest cybercrime gang by profit, coming only behind North Korea’s Lazarus Group.

The members of the Trickbot group that have been sanctioned vary from senior leadership to low-level administrators. Each has been added to the Treasury Department’s Office of Foreign Assets Control (OFAC) list of Specially Designated Nationals and Blocked Persons (SDN). The sanctioned members will also have certain assets frozen and travel bans imposed.

Vitaly Kovalev, also known as “Bentley” or “Ben,” is thought to be a senior leader in the Trickbot group with a history of cybercrime that pre-dates his involvement in the gang.

Other members sanctioned include Maksim Mikhailov, a developer known as “Baget;” Valentin Karyagin, a developer known as “Globus;” Mikhail Iskritskiy, an alleged money launderer for the group known as “Tropa;” Dmitry Pleshevskiy, a coder known as “Iseldor;” Ivan Vakhromeyev, a manger known as “Mushroom;” and Valery Sedleski, an administer known as “Strix.”