A Russian national wanted on cybercrime charges has made his first appearance in a U.S. federal court after being extradited hours earlier by South Korea to the United States.
The U.S. Department of Justice (DOJ) alleged on October 28 that 38-year-old Vladimir Dunayev was a member of an international “cybercriminal organization” that developed and distributed the “Trickbot” malware that targeted U.S. schools, hospitals, and governments.
“Trickbot attacked businesses and victims across the globe and infected millions of computers for theft and ransom, including networks of schools, banks, municipal governments, and companies in the health care, energy, and agriculture sectors,” Deputy Attorney General Lisa O. Monaco said in a statement.
She said Dunayev is the second overseas Trickbot defendant arrested in recent months, “making clear that, with our international partners, the Department of Justice can and will capture cybercriminals around the world.”
The indictment alleges that Dunayev and others “stole money, confidential information, and damaged computer systems from unsuspecting victims, including individuals, financial institutions, school districts, utility companies, government entities, and private businesses” from November 2015 through August 2020.
It alleges that Dunayev performed a variety of developer functions in support of the Trickbot malware, “including managing the malware’s execution, developing popular browser modifications, and helping to conceal the malware from detection by security software.”
The DOJ said the suspect resided in the Yakutsk region of Russia and in Southeast Asia.
Dozens of ethnic Russians have been extradited to the United States over the past decade to face hacking charges as the DOJ steps up its fight against the cybercrime pandemic.
The United States is forced to extradite Russian nations from third countries as Russia does not turn over its own citizens to foreign law enforcement.
The latest suspect had been stuck in South Korea since 2020 due to the coronavirus pandemic, Seoul media reported.
Dunayev’s Russian passport had expired and was in the process of obtaining a new one from the local Russian Embassy in order to exit South Korea and return home.
Trickbot, which was created in 2016, is designed to steal personal and financial information and has caused tens of millions of dollars in damages to date.
The Trickbot group operated in Russia, Belarus, Ukraine, and Suriname, according to the DOJ.
The malware is typically spread through email campaigns that entice an individual to open a malicious file attachment or click on a link that leads to a malicious file.
The creators of the Trickbot malware have continuously released new versions that evade the latest cyber security programs.
In February, the United States arrested Alla Witte, an ethnic Russian and TrickBot programmer, after she traveled to Miami.
Witte is charged with 19 counts of cybercrimes and is on trial in Cleveland, Ohio.