Cybercrime

Alleged Conti, TrickBot Gang Leader Unmasked

Russian national Vitaly Nikolaevich Kovalev is believed to be the leader of the Conti and TrickBot cybercrime groups.

Hacker unmasked

German authorities have named Russian national Vitaly Nikolaevich Kovalev as the founder and leader of the TrickBot cybercrime gang.

Established in 2016, the TrickBot group is believed to have infected millions of computers worldwide, exfiltrating sensitive information such as credentials, banking and credit card details, and personal information, while also enabling the deployment of other malware, such as ransomware.

Authorities targeted TrickBot’s infrastructure in takedown attempts in 2020 and 2024, and announced charges and sanctions against over a dozen group members in 2023, including Kovalev, believed at the time to be a senior figure within the cybercrime ring.

The Federal Criminal Police Office of Germany (BKA) now says that Kovalev, under the names of ‘Stern’ and ‘Ben’, founded the TrickBot gang and acted as its leader.

“The group used the Trickbot malware as well as other malware variants such as Bazarloader, SystemBC, IcedID, Ryuk, Conti, and Diavol. According to the investigations conducted by the BKA, at times, the Trickbot group consisted of more than 100 members,” the BKA says.

Targeting critical infrastructure, hospitals, private organizations, and individuals alike, the TrickBot group is believed to have made hundreds of millions of dollars by demanding ransom payments from its victims.

Advertisement. Scroll to continue reading.

BKA named Kovalev as the TrickBot gang leader roughly one month after a leaker using the online moniker ‘GangExposed’ published information on the identities of key members of the Conti and TrickBot groups.

Kovalev, the whistleblower says, is also the mastermind behind the Conti group, which emerged in 2020. In 2022, security researchers speculated that Conti acquired TrickBot.

“He wasn’t just a participant or a forum admin—he was the architect. The man behind the infrastructure, the money pipelines, and the global-scale attack coordination,” GangExposed claims.

The leaker notes that Kovalev is also known as ‘Stern’, ‘Ben’, ‘Bergen’, and ‘Alex Konor’, and that he made tens of millions of dollars in illegal proceeds from his cybercriminal activities. He is currently worth over $500 million in cryptocurrency, GangExposed says.

Related: More LockBit Hackers Arrested, Unmasked as Law Enforcement Seizes Servers

Related: TrickBot and Other Malware Droppers Disrupted by Law Enforcement

Related: Russian TrickBot Malware Developer Sentenced to Prison in US

Related: LockBit Ransomware Mastermind Unmasked, Charged

Related Content

Ransomware

The company has yet to determine the full scope, nature, and impact of the incident.

Cybercrime

The D1R cybercrime group claimed to have stolen valuable data from Synopsys and Bosch, threatening to leak it unless a ransom is paid. 

Cybercrime

Angelo Martino, a former ransomware negotiator, was sentenced to 70 months for helping the BlackCat/Alphv group.

Data Breaches

Hackers accessed the institution’s internal network and deleted two drives containing employee, student, and university data.

Artificial Intelligence

Attack demonstrates how LLM agents can combine known exploitation techniques with real-time reasoning to automate complex, multi-stage intrusions.

Cybercrime

Prosecutors say 19-year-old Peter Stokes was a member of Scattered Spider, the hacking group linked to more than 100 network intrusions and over $100...

Ransomware

The Microsoft Defender vulnerability CVE-2026-33825 was exploited in the wild as a zero-day before patches were released.

Data Breaches

Roughly two dozen companies have notified their customers of the Klue-Salesforce incident impact.

Copyright © 2026 SecurityWeek ®, a Wired Business Media Publication. All Rights Reserved.

Exit mobile version