The Federal Criminal Police Office of Germany (Bundeskriminalamt or BKA) claims that Stern, the leader of the Trickbot and Conti cybercrime gangs, is a 36-year-old Russian named Vitaly Nikolaevich Kovalev.
“The subject is suspected of having been the founder of the ‘Trickbot’ group, also known as ‘Wizard Spider,’” BKA said last week [English PDF], after another round of seizures and charges as part of Operation Endgame, a joint global law enforcement action targeting malware infrastructure and the threat actors behind it.
“The group used the Trickbot malware as well as other malware variants such as Bazarloader, SystemBC, IcedID, Ryuk, Conti and Diavol.”
Kovalev is now also wanted in Germany, according to a recently issued Interpol red notice saying he was charged with being the ringleader of an unnamed criminal organization.
However, this is not the first time law enforcement has targeted Kovalev for his involvement in a cybercriminal organization. In February 2023, he was one of seven Russians sanctioned and charged in the United States for their links to the TrickBot and Conti cybercrime gangs.
Still, he was only tagged at the time as a senior figure within the Trickbot group using the aliases “Bentley,” “Bergen,” “Alex Konor,” and “Ben.”

The sanctions came after a massive trove of private information and internal conversations was leaked from TrickBot and Conti members in what was called TrickLeaks and ContiLeaks.
While ContiLeaks provided access to the gang’s internal conversations and source code, TrickLeaks went one step further, leaking the identities, online accounts, and personal information of TrickBot members on Twitter.
These conversations exposed that Kovalev, under the alias “Stern,” was in charge of the TrickBot operation and the Ryuk and Conti ransomware gangs. The chats illustrated how the other members would contact Stern for approval before conducting attacks or hiring lawyers for Trickbot members arrested in the United States.
The leaks ultimately expedited Conti’s shutdown, with the cybercrime members moving to other operations or starting new gangs, including Royal, Black Basta, BlackCat, AvosLocker, Karakurt, LockBit, Silent Ransom, DagonLocker, and ZEON.
“According to the investigations conducted by the BKA, at times, the Trickbot group consisted of more than 100 members. It works in an organized and hierarchically structured manner and is project and profit-oriented,” BKA added last Friday.
“The group is responsible for the infection of several hundred thousand systems in Germany and worldwide; through its illegal activities it has obtained funds in the three-digit million range. Its victims include hospitals, public facilities, companies, public authorities, and private individuals.”
While Kovalev’s current whereabouts are unknown, German police believe that he currently lives in Russia and have asked for any information that could lead to his capture, including his current online accounts or what communication channels he uses.