SecurityWeek

Malware & Threats

Identities of Cybercriminals Linked to Malware Loaders Revealed

Law enforcement reveals the identities of eight cybercriminals linked to recently disrupted malware loaders.

Authorities in Europe have revealed the identities of eight individuals linked to several malware loader families that were disrupted last week as part of Operation Endgame.

The suspects are wanted for their involvement in the distribution and administration of Bumblebee, IcedID, Pikabot, Smokeloader, SystemBC, and TrickBot, loaders that have been used for years to steal user data, deliver other malware families, and facilitate phishing and other malicious activity.

As part of Operation Endgame, law enforcement agencies in 13 countries, with support from Europol, performed arrests and house searches, and shut down servers and seized domains serving as the infrastructure for the six malware loader families.

Europol also announced that it was monitoring financial accounts linked to the eight suspects, including one suspect who earned more than €69 million (roughly $75 million) in proceeds from the illegal activities.

On May 30, Europol added the eight individuals to its Most Wanted list, disclosing their alleged involvement in the operation of the malware loaders.

According to Europol, Airat Rustemovich Gruber, 42, of Russia, has been the administrator of the Smokeloader botnet, which first appeared in 2011, abusing the infected machines for data theft and the installation of other malware for a fee.

Five other Russian nationals, namely Oleg Vyacheslavovich Kucherov, Sergey Valerievich Polyak, Fedor Aleksandrovich Andreev, Georgy Sergeevich Tesman, and Anton Alexandrovich Bragin, are wanted for their ties with the TrickBot cybergang.

They allegedly sought new infection methods, searched for new victims, tested the malware, obfuscated the TrickBot code, and improved the botnet’s admin panel, respectively.


Andrei Andreyevich Cherepanov and Nikolai Nikolaevich Chereshnev, Europol notes, allegedly worked as crypters for TrickBot, ensuring that its code was disguised to evade detection. Chereshnev also maintained the group’s VPN infrastructure.

“According to investigations conducted by the BKA [the German Federal Criminal Police Office], the TrickBot group temporarily consisted of more than 100 members. It works in an organized and hierarchically structured manner and is project and profit oriented. The group is responsible for the infection of several hundred thousand systems in Germany and worldwide,” Europol notes.

Beyond the TrickBot malware itself, the TrickBot cybergang is also known for using malware families such as Bazarloader, Conti, Diavol, IcedID, Ryuk, and SystemBC.

The eight suspects are also listed on the BKA’s website, along with a brief on Operation Endgame and on the harm malware loaders can cause.


Written By

Ionut Arghire is an international correspondent for SecurityWeek.
