The US and UK have jointly announced sanctions against 11 Russians they believe are members of the Trickbot hacker group.
Trickbot and their namesake banking Trojan were first described by cybersecurity researchers in 2016. As BleepingComputer wrote, they sent phishing emails to employees of American corporations to infect computers; including writing to victims on behalf of officials that they had received a complaint from colleagues about harassment.
Researchers previously estimated the total number of Trojan-infected devices at two million and called them the world's largest network of bots. US and British intelligence agencies believe that the total hackers stole at least $180 million. They also linked them to a series of attacks on American private clinic networks in the fall of 2020, during the coronavirus pandemic. Then their employees temporarily found themselves without access to office computers and phones.
In addition to the names, the sanctions lists indicated the dates of birth of the hackers, nicknames, email addresses and intended roles in the group. The leader was 41-year-old Andrey Zhukov with the nickname Defender, hackers with the nicknames Misha Krutysha, Mentos and Begemot are also mentioned there. US and UK authorities claim that Trickbot “has ties to Russian intelligence agencies.” The Wired edition, which published excerpts from the internal correspondence of hackers last year, came to the conclusion that there was no direct connection and the hackers were not intelligence officers. At the same time, in 2020, they mentioned in correspondence that they want to open an office in Russia for “government tasks.”
In 2021, the US authorities reported on the arrest of 55-year-old member of the Trickbot group, Latvian citizen Alla Witte.< /p>