The US Treasury Department’s Office of Foreign Assets Control (OFAC) reported Thursday that, in coordination with the United Kingdom, it had imposed sanctions on 11 people who are part of the intelligence-linked Russian cybercrime group Trickbot.
In a separate, simultaneous legal action, for which no further details were released, the US Department of Justice on Thursday indicted nine people in connection with the Trickbot malware and Conti ransomware programs. Seven of them are also on the OFAC sanctions list.
Those sanctioned include administrators, managers, developers and programmers who have materially supported Trickbot's operations. The group has ties to Russian intelligence agencies and has targeted the US government and corporations.
“Russia has long been a safe haven for cybercriminals, including the Trickbot group,” OFAC said.
What is Trickbot and when was it first identified?
These sanctions come after the United States and the United Kingdom announced a similar decision against members of the group in February.
First identified by security researchers in 2016, Trickbot was a trojan virus that evolved from Dyre, an online banking trojan operated by people based in Moscow that began targeting non-Russian companies and entities in mid-2014.
Dyre and Trickbot were developed and operated by a group of cyber criminals to steal financial data.
The Trickbot trojan infected millions of computers worldwide, including those of US companies and individual victims.
For example, during the peak of the COVID-19 pandemic in 2020, Trickbot targeted hospitals and healthcare facilities, unleashing a wave of ransomware (data theft) attacks against hospitals across the United States.
One such attack targeted three Minnesota medical facilities, disrupting their computer networks and phones and diverting ambulances. The current members of the Trickbot group are connected to the Russian intelligence services.
As a result of Thursday’s action, all property and interests of the sanctioned persons that are in the United States, or that are owned or controlled by US persons, must be blocked and reported to the Office of Foreign Assets Control.