[TheRecord] TrickBot gang member arrested after getting stuck in South Korea due to COVID-19 pandemic

A Russian man was arrested last week at the Seoul international airport on accusations of developing code for the TrickBot malware gang.

The man, identified in local media reports only as Mr. A, was arrested trying to leave South Korea for his native home in Russia after he’d been stuck in the Asian country for more than a year and a half.

The suspect, who arrived in February 2020, was initially prevented from leaving after Seoul officials canceled international travel at the onset of the COVID-19 pandemic.

When air travel restrictions were lifted, the suspect’s passport had expired, forcing Mr. A to live in a Seoul studio apartment until this summer while the local Russian embassy issued a replacement.

However, while the suspect was awaiting a passport replacement, US officials started an official investigation against TrickBot, a Russian-based malware gang that had used its botnet to facilitate ransomware attacks across the US throughout 2020.

While a takedown operation spearheaded by several security firms failed in October 2020, US officials had more success on a legal front, announcing the arrest of a 55-year-old Latvian woman named Alla Witte, who US prosecutors said worked as one of TrickBot’s programmers.

As in Witte’s indictment, a South Korean judge said Mr. A was charged with working with the TrickBot gang and developing a web browser-related component for the group after answering a job ad in 2016, the same way Witte was recruited.

Documents in Witte’s case cite private conversations between TrickBot members regarding the recruitment process. Per these conversations, the TrickBot gang was upfront with the people who applied and told them that what they were doing was not legal.

Per the same conversations cited in the Witte case, most who applied for the jobs realized they were doing “blackhat stuff.”

TrickBot’s lead members said in private conversations with each other that they were looking for candidates who did the recruitment test without asking too many questions.

“If they ask additional questions, this person is not suitable,” one message read.

South Korean news outlet KBS said the suspect was arraigned in a Seoul court on Wednesday, September 2, on an international arrest warrant and extradition request to the US.

Mr. A is fighting this extradition. His lawyer claimed that if his client is sent to the US, he “will be subjected to excessive punishment.”

The post TrickBot gang member arrested after getting stuck in South Korea due to COVID-19 pandemic appeared first on The Record by Recorded Future.
