Russian hackers who backed the war in Ukraine and targeted British hospitals during the COVID pandemic hit with sanctions

Eleven members of a Russian hacking gang that supported Vladimir Putin’s invasion of Ukraine and targeted British hospitals during the COVID pandemic have been hit with sanctions.

The Trickbot group extorted at least $180m (£145m) worldwide, including at least £27m from 149 victims in the UK, where it targeted schools, councils and businesses, according to the National Crime Agency (NCA).

The gang is accused of infecting millions of computers worldwide with malware.

It also offered support for Russia’s conflict in Ukraine, and key members are believed to maintain links with Russian intelligence services from which they likely received instructions, the State Department said.

The gang also threatened those who opposed the Kremlin’s invasion, according to the government ministry.

Britain and the United States imposed sanctions on 11 of its members on Thursday.

NCA director general Rob Jones said: “These sanctions are a continuation of our campaign against international cybercriminals.

“Attacks from this ransomware group have caused significant damage to our businesses and ruined livelihoods, with victims dealing with the long-term impact of financial and data loss.

“These criminals thought they were untouchable, but our message is clear: we know who you are and, working with our partners, we will not stop in our efforts to bring you to justice.”

Who are the hackers affected by sanctions?

:: Andrey Zhuykov was a key player in the group and a senior administrator. Known by the online monikers “Defender”, “Dif” and “Adam”.

:: Maksim Galochkin led a group of testers, responsible for development, supervision and implementation of tests. Known by the online monikers “Bentley”, “Volhvb” and “Max17”.

:: Maksim Rudenskiy was a key member of the Trickbot group and was a team leader of coders. Known by the online monikers Buza, Silver and Binman.

:: Mikhail Tsarev was a mid-level manager helping with the group’s finances and overseeing HR functions. Known by the online monikers Mango, Frances and Khano.

:: Dmitry Putilin was associated with the purchase of Trickbot infrastructure. Known by the online designations Grad and Staff.

:: Maksim Khaliullin was HR manager for the group. He was associated with the purchase of Trickbot infrastructure, including the purchase of virtual private servers (VPS). Known by the online moniker Kagas.

:: Sergey Loguntsov was the developer for the group. Known by the online monikers Begemot, Begemot_Sun and Zulas.

:: Alexander Mozhaev was part of the admin team responsible for general administration tasks. Known by the online monikers Green and Rocco.

:: Vadym Valiakhmetov worked as a coder and his tasks included backdoor and loader projects. Known by the online monikers Weldon, Mentos and Vasm.

:: Artem Kurov worked as a coder with development tasks in the Trickbot group. Known by the online moniker Naned.

:: Mikhail Chernov was part of the internal supply group. Known by the online monikers “Bullet” and “m2686”.

It comes after seven members of the same group were hit with sanctions in February.

All 18 are now subject to travel bans and asset freezes, as well as restrictions on their use of the legitimate global financial system.

While largely symbolic, given the sanctions already imposed on Russia and the unlikelihood of hackers being based there, officials say they could make it harder for them to launder money.

US officials have indicted nine people, including seven from the latest group to be sanctioned, tied to the gang’s malware and Conti ransomware schemes.

Secretary of State James Cleverly said: “These cybercriminals thrive on anonymity and move in the shadows of the internet to cause maximum damage and extort money from their victims.

“Our sanctions show that they cannot act with impunity. We know who they are and what they are doing.

“By exposing their identities, we dismantle their business models, making it harder for them to target our people, our businesses and our institutions.”
