A Russian man pleaded guilty to charges related to his involvement in the Trickbot malware. Volodymyr Dunaev (40 years old), who works at the Amur explosion company, was involved in cyberattacks on hospitals, schools and enterprises, which caused losses of tens of millions of dollars. Trickbot, a modular malware designed to steal credentials and install backdoors, helped provide initial access to ransomware groups like Ryuk and Conti. According to the US Department of Justice, Dunaev developed browser modifications and malicious tools to collect credentials and other data from infected computers.
He pleaded guilty to conspiracy to commit computer fraud and identity theft, as well as conspiracy to commit wire fraud. He is scheduled to be sentenced on March 20, 2024, and faces up to 35 years in prison on both charges.
“As stated in the plea agreement, Volodymyr Dunaev used his experience and knowledge as a computer programmer to develop Trickbot malware,” said Rebecca Lutko, the U.S. Attorney for the Northern District of Ohio. “Dunaev and his co-defendants hid behind a keyboard and initially created Trickbot, which they used to infect millions of computers around the world, including in hospitals, schools, and businesses, resulting in privacy violations, massive disruptions, and economic losses.”
One of Dunaev’s accomplices, Ala Witte, a fellow developer of the Trickbot malware, pleaded guilty in June to conspiracy to commit computer fraud and was sentenced to two years and eight months in prison. According to the Department of Justice (DoJ), Witte and her co-conspirators stole money and sensitive information around the world from individuals and companies, including banks, beginning in November 2015. Trickbot was successfully exposed by US authorities, but many of its members are believed to be still at large. In February and September of this year, the US Department of the Treasury’s Office of Foreign Assets Control (OFAC) imposed financial sanctions on several suspects.