Russian hackers who backed Ukraine war and targeted UK hospitals during COVID pandemic are hit with sanctions

Sep 07, 2023 at 5:00 PM
Eleven members of a Russian hacking gang that supported Vladimir Putin’s invasion of Ukraine and targeted UK hospitals during the COVID pandemic have been hit with sanctions.

The Trickbot group extorted at least $180m (£145m) globally, including at least £27m from 149 victims in the UK, where it targeted schools, councils and companies, according to the National Crime Agency (NCA).

The gang is accused of infecting thousands and thousands of computer systems worldwide with malware.

It also provided support for Russia’s war in Ukraine, and key members are believed to maintain links to Russian intelligence services, from whom they have probably received instructions, the Foreign Office said.

The gang also threatened those who opposed the Kremlin’s invasion, according to the government department.

The UK and US on Thursday imposed sanctions on 11 of its members.

NCA Director General of Operations Rob Jones said: “These sanctions are a continuation of our marketing campaign in opposition to worldwide cyber criminals.

“Attacks by this ransomware group have caused significant damage to our businesses and ruined livelihoods, with victims having to deal with the prolonged impact of financial and data losses.

“These criminals thought they had been untouchable, however our message is evident: we all know who you might be and, working with our companions, we won’t cease in our efforts to carry you to justice.”

Who are the hackers hit with sanctions?

:: Andrey Zhuykov was a central actor in the group and a senior administrator. Known by the online monikers “Defender”, “Dif” and “Adam”.

:: Maksim Galochkin led a group of testers, with responsibilities for development, supervision and implementation of tests. Known by the online monikers “Bentley”, “Volhvb” and “Max17”.

:: Maksim Rudenskiy was a key member of the Trickbot group and was the team lead for coders. Known by the online monikers Buza, Silver and Binman.

:: Mikhail Tsarev was a mid-level supervisor who assisted with the group’s finances and overseeing of HR functions. Known by the online monikers Mango, Frances and Khano.

:: Dmitry Putilin was associated with the acquisition of Trickbot infrastructure. Known by the online monikers Grad and Staff.

:: Maksim Khaliullin was an HR supervisor for the group. He was associated with the acquisition of Trickbot infrastructure, including procuring Virtual Private Servers (VPS). Known by the online moniker Kagas.

:: Sergey Loguntsov was a developer for the group. Known by the online monikers Begemot, Begemot_Sun and Zulas.

:: Alexander Mozhaev was part of the admin team responsible for general administration duties. Known by the online monikers Green and Rocco.

:: Vadym Valiakhmetov worked as a coder and his duties included backdoor and loader projects. Known by the online monikers Weldon, Mentos and Vasm.

:: Artem Kurov worked as a coder with development duties in the Trickbot group. Known by the online moniker Naned.

:: Mikhail Chernov was part of the internal utilities group. Known by the online monikers “Bullet” and “m2686”.

It comes after seven members of the same group were hit with sanctions in February.

All 18 are now subject to travel bans and asset freezes, as well as being restricted in their use of the legitimate global financial system.

While largely symbolic, given the sanctions already imposed on Russia and the unlikelihood of hackers based there, officials say they can make it harder for them to launder money.

US officials have indicted nine people, including seven of the latest group to be sanctioned, tied to the gang’s malware and the Conti ransomware schemes.

Foreign Secretary James Cleverly said: “These cyber-criminals thrive off anonymity, shifting within the shadows of the web to trigger most injury and extort cash from their victims.

“Our sanctions show they cannot act with impunity. We know who they are and what they are doing.

“By exposing their identities, we’re dismantling their enterprise fashions, making it tougher for them to focus on our individuals, our companies and our establishments.”