Connect with us

Hi, what are you looking for?



Russian Pleads Guilty to Role in Developing TrickBot Malware

Russian national Vladimir Dunaev pleaded guilty to involvement in the development and use of the TrickBot malware that caused tens of millions of dollars in losses.

A Russian national has admitted to his role in developing and using the notorious TrickBot malware.

Vladimir Dunaev, 40, pleaded guilty to his involvement in the development and deployment of the TrickBot malware, which was used in cyberattacks against organizations worldwide, including hospitals and schools, causing tens of millions of dollars in losses.

Around since 2016, TrickBot was used to steal money and information, and acted as an initial access vector for other malware families, including ransomware such as Ryuk and Conti. The operation was taken down by law enforcement in 2022.

While active, the malware infected millions of computers worldwide, allowing threat actors to harvest sensitive information, including banking credentials, credit card numbers, social security numbers, dates of birth, emails, and passwords.

Dunaev, according to court documents, was part of the Trickbot gang between November 2015 and August 2020. In his role, he built “browser modifications and malicious tools that aided in credential harvesting and data mining from infected computers.”

He also developed tools that enabled the TrickBot operators to access the infected systems remotely, and helped the malware evade detection.

Documents presented in court also show that, while Dunaev was actively involved in the scheme, TrickBot was used to deploy ransomware on the networks of 10 victims in the United States, including schools and a real-estate company, which were defrauded of more than $3.4 million.

Arrested in South Korea, Dunaev was extradited to the US in 2021. He is scheduled for sentencing on March 20, 2024.

Advertisement. Scroll to continue reading.

Dunaev pleaded guilty to two counts of conspiracy to commit computer fraud and identity theft, and wire fraud and bank fraud. He faces up to 35 years in prison.

In February and September 2023, the US announced two rounds of sanctions against members of the TrickBot group, along with charges against numerous individuals involved in the malware’s development.

Related: Russian National Arrested, Charged for Role in LockBit Ransomware Attacks

Related: Russian Admits to Laundering Money for Ryuk Ransomware Gang

Related: US Sanctions Entities Aiding Russia’s Cyber Operations

Written By

Ionut Arghire is an international correspondent for SecurityWeek.


Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

Gain valuable insights from industry professionals who will help guide you through the intricacies of industrial cybersecurity.


Join us for an in depth exploration of the critical nature of software and vendor supply chain security issues with a focus on understanding how attacks against identity infrastructure come with major cascading effects.


Expert Insights

Related Content


The changing nature of what we still generally call ransomware will continue through 2023, driven by three primary conditions.


As it evolves, web3 will contain and increase all the security issues of web2 – and perhaps add a few more.


A recently disclosed vBulletin vulnerability, which had a zero-day status for roughly two days last week, was exploited in a hacker attack targeting the...


Luxury retailer Neiman Marcus Group informed some customers last week that their online accounts had been breached by hackers.

Data Breaches

OpenAI has confirmed a ChatGPT data breach on the same day a security firm reported seeing the use of a component affected by an...


Zendesk is informing customers about a data breach that started with an SMS phishing campaign targeting the company’s employees.

Artificial Intelligence

The release of OpenAI’s ChatGPT in late 2022 has demonstrated the potential of AI for both good and bad.


Satellite TV giant Dish Network confirmed that a recent outage was the result of a cyberattack and admitted that data was stolen.