Alleged TrickBot Developer Arrested
A Russian That Presumably Worked for the TrickBot Malware Gang Was Recently Arrested in South Korea.
The TrickBot member was arrested after attempting to leave the country.
TrickBot cybercrime group is the one responsible for a multitude of sophisticated malware targeting Windows and Linux devices in order to gain access to victims’ networks, steal data, and deploy other malware, such as ransomware.
The publication KBS was the first to report that a Russian man had remained stranded in South Korea due to COVID-19 restrictions and that his passport subsequently expired.
The individual waited for over a year for his passport to be renewed. When trying to leave yet again South Korea he was intercepted and arrested after an extradition request submitted by the USA.
As The Record reported previously, the individual identified as Mister “A” has been taken into custody when trying to leave South Korea for his home country Russia. This happened after he has been stuck in the Asian country for more than 18 months; the official US investigation started when Mr. A was waiting for the release of his replacement passport.
Sources say the person in question worked as a web developer for the Trickbot operation back in 2016 while living in Russia.
The Russian man claims he did not know that he worked for a cybercrime gang after getting hired from an employment site.
When developing the software, the operation manual did not fall under malicious software.
The Russian individual’s attorney is currently fighting the USA extradition attempt, claiming that the USA will prosecute the individual unfairly.
If you send him to the United States, it will be very difficult to exercise your right of defense and there is a high possibility that you will be subjected to excessive punishment.
Some Background on TrickBot
TrickBot is responsible for numerous malware like BazaLoader, BazaBackdoor, PowerTrick, and Anchor, malicious tools used to gain access to corporate networks, steal files and network credentials, and ultimately deploy ransomware on the network.
Ryuk and Conti are believed to be operated by the TrickBot gang and are known to be deployed through their malware.
Even if we’ve seen some disruption in the gang’s activities, the group quickly rebuilt its infrastructure and continued to launch new malware campaigns that are targeting organizations worldwide.