The Federal Criminal Police Office of Germany (Bundeskriminalamt or BKA) claims that Stern, the leader of the Trickbot and Conti cybercrime gangs, is a 36-year-old Russian named Vitaly Nikolaevich Kovalev.
“The subject is suspected of having been the founder of the ‘Trickbot’ group, also known as ‘Wizard Spider,’” the BKA said last week (English PDF), after another round of seizures and charges as part of Operation Endgame, a joint global law enforcement action targeting malware infrastructure and the threat actors behind it.
“The group used the Trickbot malware as well as other malware variants such as Bazarloader, SystemBC, IcedID, Ryuk, Conti and Diavol.”
Kovalev is now also wanted in Germany, according to a recently issued Interpol red notice saying he was charged with being the ringleader of an unnamed criminal organization.
However, this isn't the first time law enforcement has targeted Kovalev for his involvement in a cybercriminal group. In February 2023, he was one of seven Russians sanctioned and charged in the United States for their links to the TrickBot and Conti cybercrime gangs.
However, he was only tagged at the time as a senior figure within the Trickbot group using the aliases “Bentley,” “Bergen,” “Alex Konor,” and “Ben.”
Vitaly Nikolayevich Kovalev (US Secret Service)
The sanctions came after a massive trove of private information and internal conversations was leaked from TrickBot and Conti members in what was called TrickLeaks and ContiLeaks.
While ContiLeaks provided access to the gang’s internal conversations and source code, TrickLeaks went one step further, leaking the identities, online accounts, and personal information of TrickBot members on Twitter.
These conversations revealed that Kovalev, under the alias “Stern,” was in charge of the TrickBot operation and the Ryuk and Conti ransomware gangs. The chats illustrated how the other members would contact Stern for approval before conducting attacks or hiring lawyers for Trickbot members arrested in the United States.
The leaks ultimately expedited Conti’s shutdown, with the cybercrime members moving to other operations or starting new gangs, including Royal, Black Basta, BlackCat, AvosLocker, Karakurt, LockBit, Silent Ransom, DagonLocker, and ZEON.
“According to the investigations conducted by the BKA, at times, the Trickbot group consisted of more than 100 members. It works in an organized and hierarchically structured manner and is project and profit-oriented,” the BKA added last Friday.
“The group is responsible for the infection of several hundred thousand systems in Germany and worldwide; through its illegal activities it has obtained funds in the three-digit million range. Its victims include hospitals, public facilities, companies, public authorities, and private individuals.”
While Kovalev’s current whereabouts are unknown, German police believe that he currently lives in Russia and have asked for any information that could lead to his capture, including his current online accounts or what communication channels he uses.