Alleged Russian hacker extradited from South Korea to stand trial in US

An alleged Russian hacker appeared in court for the first time Thursday to face allegations that he played a role in a transnational cybercrime organization after being extradited to the United States from South Korea.

Vladimir Dunaev is alleged to have been a member of a group that used “Trickbot” malware to carry out cyberattacks worldwide between 2015 and 2020, including stealing personal information and damaging computer networks of groups such as schools, government entities and financial institutions. These incidents involved ransomware attacks.

Dunaev is alleged to have worked as a malware developer for the Trickbot group, and has been charged with conspiracy to commit computer fraud and aggravated identity theft, along with charges of money laundering, wire fraud and bank fraud, among others. He faces a maximum sentence of 60 years in prison if convicted of all counts.

“Trickbot attacked businesses and victims across the globe and infected millions of computers for theft and ransom, including networks of schools, banks, municipal governments, and companies in the health care, energy, and agriculture sectors,” Deputy Attorney General Lisa Monaco said in a statement Thursday. 

Monaco noted that the operation was a “success” for the Justice Department’s ransomware task force, which was established in April in response to a spike in ransomware attacks against critical organizations, in particular by Russian-linked cybercriminals. 

She additionally cited the arrest earlier this year of a Latvian national, also alleged to be involved in the group behind the Trickbot malware, to emphasize the progress made in confronting cybercriminals. 

“This is the second overseas Trickbot defendant arrested in recent months, making clear that, with our international partners, the Department of Justice can and will capture cyber criminals around the world,” Monaco said. 

FBI Deputy Director Paul Abbate applauded the extradition Thursday. 

“The FBI is determined to utilize our unique tools and capabilities to disrupt transnational cybercriminal organizations, such as the group that developed and delivered Trickbot, and remains committed to imposing risk and consequence upon these criminals,” Abbate said in a statement. “Pursuing cyber criminals requires considerable patience, expertise, and resources, but the FBI has a long memory and will ensure that these malicious actors cannot evade detection or avoid the full weight of law enforcement actions.”

The Trickbot malware group was disrupted by Microsoft ahead of the 2020 U.S. presidential elections, with Microsoft taking control of infrastructure used by the group to conduct ransomware attacks. This came a week after The Washington Post reported that U.S. Cyber Command was seeking to disrupt Trickbot as well to minimize threats to the election. 

The extradition of Dunaev from South Korea to the Northern District of Ohio, which took place on Oct. 20, marks a high point for the Justice Department, which often struggles to prosecute Russian hackers due to the lack of an extradition treaty with Russia. 

Relations between the U.S. and Russia have grown more fraught over the past year following the discovery of the SolarWinds hack, which involved Russian government-backed hackers compromising nine U.S. federal agencies for most of last year. Several Russian-based cybercriminal organizations have also been linked to ransomware attacks on critical groups such as Colonial Pipeline.