


The United States and the UK announced on Feb. 9 that they are sanctioning seven people associated with a Russian cybercriminal gang for their alleged role in conducting malign cyber activities against their nations and allies.
Washington and London sanctioned the members of Trickbot, a Russian cybercriminal outfit that specializes in stealing financial data, for their alleged roles in launching attacks on hospitals and government institutions.
“Cyber criminals, particularly those based in Russia, seek to attack critical infrastructure, target U.S. businesses, and exploit the international financial system,” said U.S. Treasury Under Secretary Brian Nelson in a prepared statement.
“The United States is taking action today in partnership with the United Kingdom because international cooperation is key to addressing Russian cybercrime.”
The announcement marks the first time that the UK has participated in such targeted sanctions with the United States, which the Treasury attributed to ongoing collaboration between itself and key British institutions.
A Treasury statement said that Trickbot originated in 2014 with the creation of the Dyre trojan banking malware and evolved from Dyre in 2016 to become the name of both the malware and the cybercriminal group, which consists largely of individuals located in Moscow.
The group specializes in targeting non-Russian individuals, businesses, and financial institutions, and has created a modular malware suite that allows it to conduct an array of illegal activities.
According to the Treasury, Trickbot engaged in a targeted campaign against U.S. hospitals, in which it held vital healthcare systems hostage with ransomware during the height of the Covid crisis.
In one of these attacks, the Trickbot group deployed ransomware against three Minnesota medical facilities, disrupting their computer networks and telephones, and causing a diversion of ambulances.
“By sanctioning these cybercriminals, we are sending a clear signal to them and others involved in ransomware that they will be held to account,” said UK Foreign Secretary James Cleverly in a prepared statement.
“These cynical cyber attacks cause real damage to people’s lives and livelihoods. We will always put our national security first by protecting the UK and our allies from serious organised crime—whatever its form and wherever it originates.”
The seven sanctioned individuals are believed to be closely associated with the Russian Intelligence Services. The Treasury said that Trickbot more broadly is believed to have aligned with Russian state interests since 2020 and to have engaged in cyber attacks on the U.S. government.
They include Vitaly “Bentley” Kovalev, Maksim “Baget” Mikhailov, Valentin “Globus” Karyagin, Mikhail “Tropa” Iskritskiy, Dmitry “Iseldor” Pleshevskiy, Ivan “Mushroom” Vakhromeyev, and Valery “Strix” Sedletski, all of whom are alleged to have been involved in the management, administration, or delivery of the group’s malware.
The sanctions mean that all of their property and interests in the United States or in the possession of U.S. citizens must be blocked and reported, and that those who engage in transactions with them may also be designated for sanctions.