Russian Cybercrime Gang Trickbot Sanctioned by US, UK

According to Chainalysis, Trickbot is the second-highest earning cybercrime group, and has extorted at least $724 million in crypto.

AccessTimeIconFeb 9, 2023 at 9:56 p.m. UTC
Updated Feb 9, 2023 at 10:29 p.m. UTC

The U.S. and U.K. issued joint sanctions on Thursday against seven members of the infamous Russian cybercrime group Trickbot.

Though the U.S. has previously moved against Russian cyber criminals, the Trickbot sanctions are the first of their kind for the U.K. A press release issued by the British government on Thursday said that the Trickbot sanctions were part of “the first wave of a new coordinated action against international cyber crime.”

Trickbot is a notorious Russian cybercrime gang with close ties to Russian intelligence services. According to the U.S Treasury Department, Trickbot has been coordinating its attacks to align with “Russian state objectives,” including carrying out attacks on the U.S. government. During the COVID-19 pandemic Trickbot targeted hospitals and other medical facilities with ransomware attacks.

The group’s attacks are lucrative. According to Chainalysis data, Trickbot has raked in at least $724 million in crypto, making it the second-largest cybercrime gang by profit, coming only behind North Korea’s Lazarus Group.

The members of the Trickbot group that have been sanctioned vary from senior leadership to low-level administrators. Each has been added to the Treasury Department’s Office of Foreign Assets Control (OFAC) list of Specially Designated Nationals and Blocked Persons (SDN). The sanctioned members will also have certain assets frozen and travel bans imposed.

Vitaly Kovalev, also known as “Bentley” or “Ben,” is thought to be a senior leader in the Trickbot group with a history of cybercrime that pre-dates his involvement in the gang.

Other members sanctioned include Maksim Mikhailov, a developer known as “Baget;” Valentin Karyagin, a developer known as “Globus;” Mikhail Iskritskiy, an alleged money launderer for the group known as “Tropa;” Dmitry Pleshevskiy, a coder known as “Iseldor;” Ivan Vakhromeyev, a manger known as “Mushroom;” and Valery Sedleski, an administer known as “Strix.”


Please note that our privacy policy, terms of use, cookies, and do not sell my personal information has been updated.

CoinDesk is an award-winning media outlet that covers the cryptocurrency industry. Its journalists abide by a strict set of editorial policies. In November 2023, CoinDesk was acquired by the Bullish group, owner of Bullish, a regulated, digital assets exchange. The Bullish group is majority-owned by; both companies have interests in a variety of blockchain and digital asset businesses and significant holdings of digital assets, including bitcoin. CoinDesk operates as an independent subsidiary with an editorial committee to protect journalistic independence. CoinDesk employees, including journalists, may receive options in the Bullish group as part of their compensation.

Cheyenne Ligon

Cheyenne Ligon is a CoinDesk news reporter with a focus on crypto regulation and policy. She has no significant crypto holdings.