US, UK take action against members of the Russian-linked Trickbot hacker syndicate
U.S. and U.K. officials on Thursday announced sanctions against 11 alleged members of the notorious Trickbot cybercrime syndicate, saying that the people were key to the group’s management and procurement efforts.
Thursday’s action marks the second time in seven months the two governments have sanctioned members of a cybercrime group that has “ties to Russian intelligence services and has targeted the U.S. Government and U.S. companies,” the U.S. Treasury Department said in a statement.
The alleged Trickbot members sanctioned Thursday are: Andrey Zhuykov, Maksim Galochkin, Maksim Rudenskiy, Mikhail Tsarev, Dmitry Putilin, Maksim Khaliullin, Sergey Loguntsov, Vadym Valiakhmetov, Artem Kurov, Mikhail Chernov and Alexander Mozhaev. The two governments sanctioned seven other members in February.
The U.S. Department of Justice also unsealed indictments filed in three U.S. jurisdictions against some of the sanctioned individuals for their roles in Trickbot activity as well as connections to the Conti ransomware operation. Charges — filed in the Northern District of Ohio, the Middle District of Tennessee and the Southern District of California — relate to the individuals’ alleged roles in stealing money and confidential information, and various ransomware attacks.
Charges against Golochkin in the Southern District of California, for instance, are the result of the May 1, 2021, Scripps Health ransomware attack, according to the DOJ. Scripps Health lost access to healthcare systems at two of its hospitals and couldn’t access its electronic medial record system and forced the re-routing of stroke and heart attack patients from four of its hospitals, the HIPAA Journal reported in August 2021. Losses from the attack exceeded $113 million, the news outlet reported.
An Aug. 30 story published by Wired, which mined the trove of Trickbot leaks published in the wake of the Russian invasion of Ukraine, detailed the apparent key role Galochkin played in the group’s day-to-day operations.
“The Justice Department has taken action against individuals we allege developed and deployed a dangerous malware scheme used in cyberattacks on American school districts, local governments, and financial institutions,” Attorney General Merrick Garland said in the statement. “Separately, we have also taken action against individuals we allege are behind one of the most prolific ransomware variants used in cyberattacks across the United States, including attacks on local police departments and emergency medical services.”
FBI Director Christopher Wray said in a statement that the sanctions and indictments “shows our ongoing commitment to bringing the most heinous cyber criminals to justice — those who have devoted themselves to inflicting harm on the American public, our hospitals, schools, and businesses.”
