{
	"id": "267b5405-46c7-4d56-9587-d908d1a2c0b4",
	"created_at": "2026-04-06T00:11:18.891854Z",
	"updated_at": "2026-04-10T13:12:08.648577Z",
	"deleted_at": null,
	"sha1_hash": "d5ac449f392954021cf0e59cdded0eca945b7601",
	"title": "Russian TrickBot malware dev sentenced to 64 months in prison",
	"llm_title": "",
	"authors": "",
	"file_creation_date": "0001-01-01T00:00:00Z",
	"file_modification_date": "0001-01-01T00:00:00Z",
	"file_size": 1443393,
	"plain_text": "Russian TrickBot malware dev sentenced to 64 months in prison\r\nBy Sergiu Gatlan\r\nPublished: 2024-01-25 · Archived: 2026-04-05 21:33:48 UTC\r\nRussian national Vladimir Dunaev has been sentenced to five years and four months in prison for his role in creating and\r\ndistributing the Trickbot malware used in attacks against hospitals, companies, and individuals worldwide.\r\nAccording to court documents, the 40-year-old individual (also known as FFX) was the one who oversaw the development\r\nof the malware's browser injection component.\r\nIn September 2021, Dunaev was arrested while trying to leave South Korea after being stuck there for over a year due to\r\nCOVID-19 travel restrictions and an expired passport. The extradition process to the United States was completed on\r\nOctober 20, 2021.\r\nhttps://www.bleepingcomputer.com/news/security/russian-trickbot-malware-dev-sentenced-to-64-months-in-prison/\r\nPage 1 of 4\n\nAfter his arrest, he pleaded guilty to charges related to conspiring to commit computer fraud and identity theft, in addition to\r\nconspiring to commit wire and bank fraud, facing a maximum sentence of 35 years in prison for both offenses.\r\nThe initial indictment accused Dunaev and eight co-defendants of engaging in the development, deployment, administration,\r\nand financial gains from the Trickbot malware operation.\r\n\"Dunaev developed malicious ransomware and deployed it to attack American hospitals, schools, and businesses in the\r\nNorthern District of Ohio and throughout our country, all while hiding behind his computer,\" said U.S. 
Attorney Rebecca C.\r\nLutzko.\r\n\"He and his co-defendants caused immeasurable disruption and financial damage, maliciously infecting millions of\r\ncomputers worldwide, and Dunaev will now spend over five years behind bars as a result.\"\r\nTrickBot arrests and sanctions\r\nDunaev began working for the TrickBot malware syndicate in June 2016 as a developer following a recruitment process that\r\nrequired him to create a SOCKS server app and modify the Firefox browser for malware delivery.\r\nThe TrickBot malware he helped develop enabled cybercriminals to collect infected victims' sensitive information (such as\r\nlogin credentials, credit card information, emails, passwords, social security numbers, and addresses) and siphon off funds\r\nfrom victims' bank accounts.\r\nDunaev is the second TrickBot malware dev prosecuted by the U.S. Department of Justice after Latvian national Alla Witte\r\n(aka Max) was apprehended in February 2021 and charged with helping develop the module designed to deploy ransomware\r\non compromised networks.\r\nIn February and September, the U.S. and the U.K. 
sanctioned 18 Russians linked to the TrickBot and Conti cybercrime\r\ngangs for their involvement in the extortion of at least $180 million, warning that some Trickbot group members were also\r\nassociated with Russian intelligence services.\r\nTrickBot's evolution and Conti links\r\nInitially focused on banking credentials theft upon its emergence in 2015, TrickBot quickly mutated into a modular tool used\r\nby cybercrime organizations (including the Ryuk and Conti ransomware operations) to gain initial access to corporate\r\nnetworks.\r\nDespite several takedown attempts, the Conti cybercrime group assumed control of the malware, using it to develop other\r\ncomplex and stealthier malware variants like Anchor and BazarBackdoor.\r\nHowever, in the wake of Russia's invasion of Ukraine, a Ukrainian researcher leaked Conti's internal communications\r\nonline, exposing its links with the TrickBot operation.\r\nAn anonymous entity (TrickLeaks) later disclosed more information on the TrickBot gang, shedding further light on its links\r\nwith Conti.\r\nThese disclosures ultimately expedited Conti's shutdown, which fragmented into other ransomware groups now tracked as\r\nRoyal, Black Basta, and ZEON.\r\nSource: https://www.bleepingcomputer.com/news/security/russian-trickbot-malware-dev-sentenced-to-64-months-in-prison/",
	"extraction_quality": 1,
	"language": "EN",
	"sources": [
		"ETDA"
	],
	"origins": [
		"web"
	],
	"references": [
		"https://www.bleepingcomputer.com/news/security/russian-trickbot-malware-dev-sentenced-to-64-months-in-prison/"
	],
	"report_names": [
		"russian-trickbot-malware-dev-sentenced-to-64-months-in-prison"
	],
	"threat_actors": [],
	"ts_created_at": 1775434278,
	"ts_updated_at": 1775826728,
	"ts_creation_date": 0,
	"ts_modification_date": 0,
	"files": {
		"pdf": "https://archive.orkl.eu/d5ac449f392954021cf0e59cdded0eca945b7601.pdf",
		"text": "https://archive.orkl.eu/d5ac449f392954021cf0e59cdded0eca945b7601.txt",
		"img": "https://archive.orkl.eu/d5ac449f392954021cf0e59cdded0eca945b7601.jpg"
	}
}