Monday, June 2, 2025

Germany doxxes Conti ransomware and TrickBot ring chief


The Federal Criminal Police Office of Germany (Bundeskriminalamt or BKA) claims that Stern, the chief of the Trickbot and Conti cybercrime gangs, is a 36-year-old Russian named Vitaly Nikolaevich Kovalev.

“The subject is suspected of having been the founder of the ‘Trickbot’ group, also known as ‘Wizard Spider,’” BKA said last week [English PDF], after another round of seizures and charges as part of Operation Endgame, a joint international law enforcement action targeting malware infrastructure and the threat actors behind it.

“The group used the Trickbot malware as well as other malware variants such as Bazarloader, SystemBC, IcedID, Ryuk, Conti and Diavol.”

Kovalev is now also wanted in Germany, according to a recently issued Interpol red notice saying he was charged with being the ringleader of an unnamed criminal group.

However, this is not the first time law enforcement has targeted Kovalev for his involvement in a cybercriminal group. In February 2023, he was one of seven Russians sanctioned and charged in the United States for their links to the TrickBot and Conti cybercrime gangs.

However, he was only tagged at the time as a senior figure within the Trickbot group using the aliases “Bentley,” “Bergen,” “Alex Konor,” and “Ben.”

Vitaly Nikolayevich Kovalev (U.S. Secret Service)

The sanctions came after a massive trove of personal information and internal conversations was leaked from TrickBot and Conti members in what was called TrickLeaks and ContiLeaks.

While ContiLeaks provided access to the gang’s internal conversations and source code, TrickLeaks went one step further, leaking the identities, online accounts, and personal information of TrickBot members on Twitter.

These conversations revealed that Kovalev, under the alias “Stern,” was in charge of the TrickBot operation and the Ryuk and Conti ransomware gangs. The chats illustrated how the other members would contact Stern for approval before conducting attacks or hiring lawyers for Trickbot members arrested in the United States.

The leaks ultimately expedited Conti’s shutdown, with the cybercrime members moving to other operations or starting new gangs, including Royal, Black Basta, BlackCat, AvosLocker, Karakurt, LockBit, Silent Ransom, DagonLocker, and ZEON.

“According to the investigations conducted by the BKA, at times, the Trickbot group consisted of more than 100 members. It works in an organized and hierarchically structured manner and is project and profit-oriented,” BKA added last Friday.

“The group is responsible for the infection of several hundred thousand systems in Germany and worldwide; through its illegal activities it has obtained funds in the three-digit million range. Its victims include hospitals, public facilities, companies, public authorities, and private individuals.”

While Kovalev’s current whereabouts are unknown, German police believe that he currently lives in Russia and have asked for any information that could lead to his capture, including his current online accounts or what communication channels he uses.
