[TheRecord] TrickBot gang member arrested after getting stuck in South Korea due to COVID-19 pandemic

A Russian man was arrested last week at the Seoul international airport on accusations of developing code for the TrickBot malware gang.

The man, identified in local media reports only as Mr. A, was arrested trying to leave South Korea for his native home in Russia after he’d been stuck in the Asian country for more than a year and a half.

The suspect, who arrived in February 2020, was initially prevented from leaving after Seoul officials canceled international travel at the onset of the COVID-19 pandemic.

When air travel restrictions were lifted, the suspect’s passport had expired, forcing Mr. A to live in a Seoul studio apartment until this summer while the local Russian embassy issued a replacement.

However, while the suspect was awaiting a passport replacement, US officials started an official investigation into TrickBot, a Russia-based malware gang that had used its botnet to facilitate ransomware attacks across the US throughout 2020.

While a takedown operation spearheaded by several security firms failed in October 2020, US officials had more success on a legal front, announcing the arrest of a 55-year-old Latvian woman named Alla Witte, who US prosecutors said worked as one of TrickBot’s programmers.

As with Witte’s indictment, a South Korean judge said Mr. A was charged with working with the TrickBot gang and developing a web browser-related component for the group after answering a job ad in 2016 — the same way Witte was recruited.

Documents in Witte’s case cite private conversations between TrickBot members regarding the recruitment process. Per these conversations, the TrickBot gang was upfront with the people who applied and told them that what they were doing was not legal.

Per the same conversations cited in the Witte case, most who applied for the jobs realized they were doing “blackhat stuff.”

TrickBot lead members told each other in private conversations that they were looking for candidates who did the recruitment test without asking too many questions.

“If they ask additional questions, this person is not suitable,” one message read.

South Korean news outlet KBS said the suspect was arraigned in a Seoul court on Wednesday, September 2, on an international arrest warrant and extradition request to the US.

Mr. A is fighting this extradition. His lawyer claimed that if his client is sent to the US, he “will be subjected to excessive punishment.”

The post TrickBot gang member arrested after getting stuck in South Korea due to COVID-19 pandemic appeared first on The Record by Recorded Future.
