COURT DOC: Russian National Extradited to United States to Face Charges for Alleged Role in Cybercriminal Organization

According to the U.S. Department of Justice, “A Russian national, residing in the Yakutsk region of Russia and in Southeast Asia, had his initial appearance in federal court today after his extradition from the Republic of Korea to the Northern District of Ohio to face charges for his alleged role in a transnational, cybercriminal organization.”

“According to court documents, Vladimir Dunaev, 38, was a member of a transnational, cybercriminal organization that deployed a computer banking trojan and ransomware suite of malware known as ‘Trickbot.'”

“The indictment alleges that beginning in November 2015, and continuing through August 2020, Dunaev and others stole money, confidential information, and damaged computer systems from unsuspecting victims, including individuals, financial institutions, school districts, utility companies, government entities, and private businesses. To perpetuate their criminal scheme, the defendants allegedly used a network of co-conspirators and freelance computer programmers, known as the Trickbot Group, to create, deploy, and manage the Trickbot malware, which infected millions of computers and computer systems worldwide.”

“Dunaev is alleged to have been one such co-conspirator, working as a malware developer for the Trickbot Group. Dunaev allegedly performed a variety of developer functions in support of the Trickbot malware, including managing the malware’s execution, developing popular browser modifications and helping to conceal the malware from detection by security software.” 

According to court documents, the Trickbot malware was designed to capture online banking login credentials and harvest other personal information, including credit card numbers, emails, passwords, dates of birth, social security numbers, and addresses from infected computers through the use of web injects and keystroke logging. Later versions of Trickbot were adapted to facilitate the installation and use of ransomware. 

“According to the indictment, the defendants used these stolen login credentials and other personal information to gain access to online bank accounts, execute unauthorized electronic funds transfers and launder the money through U.S. and foreign beneficiary accounts.” (Source: U.S. Department of Justice)