
Disrupting Russian Cybercrime: U.S. and UK Sanction Trickbot Group and Its Members


Feb 10, 2023

Washington, D.C. — The United States, in coordination with the United Kingdom, has designated seven individuals who are part of the Russia-based cybercrime gang Trickbot. This action represents the first-ever sanctions of their kind for the UK and is the result of a collaborative partnership between the U.S. Department of the Treasury’s Office of Foreign Assets Control and the UK’s Foreign, Commonwealth, and Development Office, National Crime Agency, and His Majesty’s Treasury to disrupt Russian cybercrime and ransomware.

“Cyber criminals, particularly those based in Russia, seek to attack critical infrastructure, target U.S. businesses, and exploit the international financial system,” said Under Secretary Brian E. Nelson. “The United States is taking action today in partnership with the United Kingdom because international cooperation is key to addressing Russian cybercrime.”

Trickbot is a notorious cybercrime group that was first identified in 2016 by security researchers. The group evolved from the Dyre trojan, which was developed and operated by a group of cybercriminals to steal financial data. Trickbot has since evolved into a highly modular malware suite that provides the group with the ability to conduct a variety of illegal cyber activities, including ransomware attacks. During the height of the COVID-19 pandemic in 2020, Trickbot targeted hospitals and healthcare centers, launching a wave of ransomware attacks against hospitals across the United States.

The Trickbot Group is associated with Russian Intelligence Services, and the group's preparations in 2020 aligned with Russian state objectives and with targeting previously conducted by Russian Intelligence Services. This included targeting the U.S. government and U.S. companies. Current members of the Trickbot Group are Vitaly Kovalev, Maksim Mikhailov, Valentin Karyagin, Mikhail Iskritskiy, Dmitry Pleshevskiy, Ivan Vakhromeyev, and Valery Sedletski.

As a result of the sanctions, all property and interests in property of the designated individuals that are in the United States or in the possession or control of U.S. persons must be blocked and reported to OFAC. OFAC’s regulations generally prohibit all dealings by U.S. persons or within the United States that involve any property or interests in property of blocked or designated persons. In addition, persons that engage in certain transactions with the designated individuals may themselves be exposed to designation. Furthermore, any foreign financial institution that knowingly facilitates a significant transaction or provides significant financial services for any of the designated individuals could be subject to U.S. correspondent or payable-through account sanctions.

The US and the UK are leaders in the global fight against cybercrime and are committed to using all available authorities and tools to defend against cyber threats. The Trickbot Group’s malicious cyber activities have targeted critical infrastructure, including hospitals and medical facilities, in both the US and the UK. It is hoped that the sanctions against Trickbot and its members send a strong message that the international community will not tolerate such malicious cyber activities and will take action to disrupt them.

As stated in the press release, the ultimate goal of the sanctions is not to punish, but to bring about a positive change in behavior. The power and integrity of OFAC sanctions derive not only from its ability to designate and add persons to the Specially Designated Nationals and Blocked Persons (SDN) List but also from its willingness to remove persons from the SDN List consistent with the law.

The designation of Trickbot and its members is a significant development in the global fight against cybercrime and highlights the cooperation and commitment of the US and the UK to use all available authorities and tools to defend against cyber threats.