Russian National Extradited For Alleged Role In Cybercriminal Organization

A Russian national, residing in the Yakutsk region of Russia and in Southeast Asia, had his initial appearance in federal court today after his extradition from the Republic of Korea to the Northern District of Ohio to face charges for his alleged role in a transnational, cybercriminal organization.

According to court documents, Vladimir Dunaev, 38, was a member of a transnational, cybercriminal organization that deployed a computer banking trojan and ransomware suite of malware known as “Trickbot.”

“Trickbot attacked businesses and victims across the globe and infected millions of computers for theft and ransom, including networks of schools, banks, municipal governments, and companies in the health care, energy, and agriculture sectors,” said Deputy Attorney General Lisa O. Monaco.

The indictment alleges that beginning in November 2015, and continuing through August 2020, Dunaev and others stole money, confidential information, and damaged computer systems from unsuspecting victims, including individuals, financial institutions, school districts, utility companies, government entities, and private businesses. To perpetuate their criminal scheme, the defendants allegedly used a network of co-conspirators and freelance computer programmers, known as the Trickbot Group, to create, deploy, and manage the Trickbot malware, which infected millions of computers and computer systems worldwide.

Dunaev is alleged to have been one such co-conspirator, working as a malware developer for the Trickbot Group. Dunaev allegedly performed a variety of developer functions in support of the Trickbot malware, including managing the malware’s execution, developing popular browser modifications and helping to conceal the malware from detection by security software.

Earlier this year, the Justice Department announced the arrest and arraignment of Alla Witte, a Latvian national charged for her role in the Trickbot Group.

According to court documents, the Trickbot malware was designed to capture online banking login credentials and harvest other personal information, including credit card numbers, emails, passwords, dates of birth, social security numbers, and addresses from infected computers through the use of web injects and keystroke logging. Later versions of Trickbot were adapted to facilitate the installation and use of ransomware.

According to the indictment, the defendants used these stolen login credentials and other personal information to gain access to online bank accounts, execute unauthorized electronic funds transfers and launder the money through U.S. and foreign beneficiary accounts.

Dunaev was extradited from the Republic of Korea on Oct. 20. He is charged with conspiracy to commit computer fraud and aggravated identity theft, conspiracy to commit wire and bank fraud, conspiracy to commit money laundering, and multiple counts of wire fraud, bank fraud, and aggravated identity theft.

Dunaev entered a plea of not guilty and waived his detention hearing.

If convicted of all counts, Dunaev faces a maximum penalty of 60 years’ imprisonment. A federal district court judge will determine any sentence after considering the U.S. Sentencing Guidelines and other statutory factors.