Russian developer of Trickbot malware pleads guilty and faces 35 years in prison


A Russian national pleaded guilty Thursday in federal court in Cleveland to charges related to his involvement in the development and deployment of the malware known as Trickbot. He faces a maximum sentence of 35 years, The US Department of Justice said.

According to court documents, Vladimir Dunaev, 40, was a member of a cybercriminal organization that deployed Trickbot to steal money and install ransomware on victims’ computers. The group’s victims – including hospitals, schools and businesses across the United States – suffered losses in the tens of millions of dollars.

Trickbot, which was taken down last year, is believed to have stolen more than $180 million worldwide. Dunaev was extradited from South Korea to the United States in 2021.

Dunaev was actively involved in Trickbot’s operations, the DOJ said. In particular, it created browser modifications and malicious tools to harvest credentials and extract data from infected computers. He also improved remote access for Trickbot actors and developed code to evade detection by legitimate security software.

“Dunaev and his co-defendants hid behind their keyboards, first to create Trickbot, and then used it to infect millions of computers around the world… invading privacy and causing untold disruption and financial damage,” indicates the Ministry of Justice in a press release.

Ten victims in the Northern District of Ohio, including Avon schools and a North Canton real estate company, were defrauded of more than $3.4 million via ransomware deployed by Trickbot while Dunaev was involved in the operation, prosecutors said.

In June, one of Dunaev’s accomplices, Alla Witte, a Trickbot malware developer and Latvian national, pleaded guilty and was sentenced to two years and eight months in prison.

In February and September, the United States and the United Kingdom also published financial sanctions against 18 other Trickbot members, freezing their assets and imposing travel bans.

The individuals targeted by the sanctions “include key players involved in the management and procurement of the Trickbot group, which has ties to Russian intelligence services.” according to the US Treasury.

Get more information with the

Future saved

Intelligence cloud.

Learn more.

No previous articles

No new articles

Daryna Antoniuk is a freelance journalist for Recorded Future News based in Ukraine. She writes about cybersecurity startups, cyberattacks in Eastern Europe, and the state of the Ukraine-Russia cyberwar. She was previously a tech journalist for Forbes Ukraine. His work has also been published in Sifted, The Kyiv Independent and The Kyiv Post.

Leave a comment