US, UK take action against members of the Russian-linked Trickbot hacker syndicate | CyberScoop<\/title> <meta name=\"description\" content=\"The DOJ also unsealed indictments against some of the alleged Trickbot members for alleged roles in ransomware and other cybercrime activity.\"> <link rel=\"canonical\" href=\"https:\/\/cyberscoop.com\/us-uk-sanctions-trickbot-russia\/\"> <meta property=\"og:locale\" content=\"en_US\"> <meta property=\"og:type\" content=\"article\"> <meta property=\"og:title\" content=\"US, UK take action against members of the Russian-linked Trickbot hacker syndicate\"> <meta property=\"og:description\" content=\"The DOJ also unsealed indictments against some of the alleged Trickbot members for alleged roles in ransomware and other cybercrime activity.\"> <meta property=\"og:url\" content=\"https:\/\/cyberscoop.com\/us-uk-sanctions-trickbot-russia\/\"> <meta property=\"og:site_name\" content=\"CyberScoop\"> <meta property=\"article:published_time\" content=\"2023-09-07T18:12:10+00:00\"> <meta property=\"og:image\" content=\"https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2023\/09\/us-uk-take-action-against-members-of-the-russian-linked-trickbot-hacker-syndicate-1.jpg\"> <meta property=\"og:image:width\" content=\"1920\"> <meta property=\"og:image:height\" content=\"1280\"> <meta property=\"og:image:type\" content=\"image\/jpeg\"> <meta name=\"author\" content=\"AJ Vicens\"> <meta name=\"twitter:card\" content=\"summary_large_image\"> <meta name=\"twitter:creator\" content=\"@AJVicens\">  <link rel=\"dns-prefetch\" href=\"\/\/cdn.parsely.com\">\n<link rel=\"dns-prefetch\" href=\"\/\/securepubads.g.doubleclick.net\">\n<link rel=\"dns-prefetch\" href=\"\/\/use.typekit.net\">\n<link rel=\"alternate\" type=\"application\/rss+xml\" title=\"CyberScoop \u00bb Feed\" href=\"https:\/\/cyberscoop.com\/feed\/\">\n<link rel=\"alternate\" type=\"application\/rss+xml\" title=\"CyberScoop \u00bb Comments Feed\" href=\"https:\/\/cyberscoop.com\/comments\/feed\/\"> <link rel=\"stylesheet\" id=\"all-css-0\" href=\"https:\/\/cyberscoop.com\/wp-includes\/css\/dist\/block-library\/style.min.css?m=1693959706g\" type=\"text\/css\" media=\"all\"> <link rel=\"stylesheet\" id=\"all-css-4\" href=\"https:\/\/cyberscoop.com\/wp-content\/mu-plugins\/search\/elasticpress-next\/dist\/css\/related-posts-block-styles.min.css?m=1693499496g\" type=\"text\/css\" media=\"all\"> <link rel=\"stylesheet\" id=\"all-css-6\" href=\"https:\/\/cyberscoop.com\/wp-content\/themes\/scoopnewsgroup\/dist\/css\/frontend.css?m=1693525727g\" type=\"text\/css\" media=\"all\">\n<link rel=\"stylesheet\" id=\"typekit-css\" href=\"https:\/\/use.typekit.net\/itk2qbh.css?ver=7af46db108fbc62fdcc9\" media=\"all\"> <link rel=\"https:\/\/api.w.org\/\" href=\"https:\/\/cyberscoop.com\/wp-json\/\"><link rel=\"alternate\" type=\"application\/json\" href=\"https:\/\/cyberscoop.com\/wp-json\/wp\/v2\/posts\/76942\"><link rel=\"EditURI\" type=\"application\/rsd+xml\" title=\"RSD\" href=\"https:\/\/cyberscoop.com\/xmlrpc.php?rsd\">\n<meta name=\"generator\" content=\"WordPress 6.3.1\">\n<link rel=\"shortlink\" href=\"https:\/\/cyberscoop.com\/?p=76942\">\n<link rel=\"alternate\" type=\"application\/json+oembed\" href=\"https:\/\/cyberscoop.com\/wp-json\/oembed\/1.0\/embed?url=https%3A%2F%2Fcyberscoop.com%2Fus-uk-sanctions-trickbot-russia%2F\">\n<link rel=\"alternate\" type=\"text\/xml+oembed\" href=\"https:\/\/cyberscoop.com\/wp-json\/oembed\/1.0\/embed?url=https%3A%2F%2Fcyberscoop.com%2Fus-uk-sanctions-trickbot-russia%2F&format=xml\">   <link rel=\"icon\" href=\"https:\/\/cyberscoop.com\/wp-content\/uploads\/sites\/3\/2023\/01\/cropped-cs_favicon-2.png?w=32\" sizes=\"32x32\">\n<link rel=\"icon\" href=\"https:\/\/cyberscoop.com\/wp-content\/uploads\/sites\/3\/2023\/01\/cropped-cs_favicon-2.png?w=192\" sizes=\"192x192\">\n<link rel=\"apple-touch-icon\" href=\"https:\/\/cyberscoop.com\/wp-content\/uploads\/sites\/3\/2023\/01\/cropped-cs_favicon-2.png?w=180\">\n<meta name=\"msapplication-TileImage\" content=\"https:\/\/cyberscoop.com\/wp-content\/uploads\/sites\/3\/2023\/01\/cropped-cs_favicon-2.png?w=270\"> <\/head><body class=\"post-template-default single single-post postid-76942 single-format-standard\" id=\"readabilityBody\"> <a href=\"https:\/\/cyberscoop.com\/us-uk-sanctions-trickbot-russia\/#main\" class=\"skip-to-content-link visually-hidden-focusable\">Skip to main content<\/a> <\/p>\n<div class=\"ad ad--top ad--top-desktop\">\n<div class=\"ad__inner\"> <span class=\"screen-reader-text\">Advertisement<\/span> <\/div>\n<\/div>\n<p> <main id=\"main\" role=\"main\" tabindex=\"-1\"> <\/p>\n<div class=\"ad ad--top ad--top-mobile\">\n<div class=\"ad__inner\"> <span class=\"screen-reader-text\">Advertisement<\/span> <\/div>\n<\/div>\n<section id=\"stickybar\" class=\"stickybar stickybar--newsletter js-stickybar\" readability=\"0.82\"> <button class=\"stickybar__close js-stickybar-close\" aria-controls=\"stickybar\"> <svg class=\"icon icon--close\" width=\"21\" height=\"22\" viewBox=\"0 0 21 22\" fill=\"none\"><path d=\"m.822.518-.805.805L9.695 11 .017 20.678l.805.805 9.678-9.678 9.677 9.678.806-.805L11.305 11l9.678-9.677-.806-.805-9.677 9.677L.822.518Z\" fill=\"currentColor\" \/><\/svg> <span class=\"visually-hidden\">Close<\/span> <\/button> <\/section>\n<article class=\"single-article content\">\n<div class=\"single-article__container js-single-article-content\">\n<header class=\"single-article__header \" readability=\"25.032069970845\">\n<div class=\"single-article__header-content\" readability=\"30.625\">\n<ul class=\"single-article__eyebrow\">\n<li class=\"single-article__category\"> <a class=\"single-article__category-link\" href=\"https:\/\/cyberscoop.com\/news\/threats\/cybercrime\/\"> <span>Cybercrime<\/span> <\/a> <\/li>\n<\/ul>\n<p> The DOJ also unsealed indictments against some of the sanctioned individuals for alleged roles in ransomware and other cybercrime activity. <\/p>\n<\/p><\/div>\n<div class=\"single-article__cover-wrap\">\n<figure class=\"single-article__cover\"> <img data-recalc-dims=\"1\" fetchpriority=\"high\" width=\"640\" height=\"426\" src=\"https:\/\/i0.wp.com\/ddi.mohflo.net\/wp-content\/uploads\/2023\/09\/us-uk-take-action-against-members-of-the-russian-linked-trickbot-hacker-syndicate.jpg?resize=640%2C426&ssl=1\" class=\"single-article__cover-image wp-post-image\" alt=\"U.S. Attorney General Merrick Garland. (Photo by Anna Moneymaker\/Getty Images)\" decoding=\"async\" fetchpriority=\"high\" srcset=\"https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2023\/09\/us-uk-take-action-against-members-of-the-russian-linked-trickbot-hacker-syndicate-1.jpg 1920w, https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2023\/09\/us-uk-take-action-against-members-of-the-russian-linked-trickbot-hacker-syndicate-1.jpg?resize=300,200 300w, https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2023\/09\/us-uk-take-action-against-members-of-the-russian-linked-trickbot-hacker-syndicate-1.jpg?resize=768,512 768w, https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2023\/09\/us-uk-take-action-against-members-of-the-russian-linked-trickbot-hacker-syndicate-1.jpg?resize=1024,683 1024w, https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2023\/09\/us-uk-take-action-against-members-of-the-russian-linked-trickbot-hacker-syndicate-1.jpg?resize=1536,1024 1536w, https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2023\/09\/us-uk-take-action-against-members-of-the-russian-linked-trickbot-hacker-syndicate-1.jpg?resize=600,400 600w, https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2023\/09\/us-uk-take-action-against-members-of-the-russian-linked-trickbot-hacker-syndicate-1.jpg?resize=252,168 252w, https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2023\/09\/us-uk-take-action-against-members-of-the-russian-linked-trickbot-hacker-syndicate-1.jpg?resize=506,337 506w, https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2023\/09\/us-uk-take-action-against-members-of-the-russian-linked-trickbot-hacker-syndicate-1.jpg?resize=1013,675 1013w, https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2023\/09\/us-uk-take-action-against-members-of-the-russian-linked-trickbot-hacker-syndicate-1.jpg?resize=1265,843 1265w\" sizes=\"(max-width: 1013px) 100vw, 1013px\"><figcaption> U.S. Attorney General Merrick Garland. (Photo by Anna Moneymaker\/Getty Images) <\/figcaption><\/figure>\n<\/p><\/div>\n<\/header>\n<div class=\"single-article__content\">\n<div class=\"single-article__content-inner has-drop-cap\"> <html readability=\"30.129970902037\"><body readability=\"60.799163179916\"><\/p>\n<p>U.S. and U.K. officials on Thursday announced sanctions against 11 alleged members of the notorious Trickbot cybercrime syndicate, saying that the people were key to the group\u2019s management and procurement efforts. <\/p>\n<p>Thursday\u2019s action marks the second time in seven months the two governments have sanctioned members of a cybercrime group that has \u201cties to Russian intelligence services and has targeted the U.S. Government and U.S. companies,\u201d the <a href=\"https:\/\/home.treasury.gov\/news\/press-releases\/jy1714\">U.S. Treasury Department said in a statement<\/a>.<\/p>\n<p>The alleged Trickbot members sanctioned Thursday are: Andrey Zhuykov, Maksim Galochkin, Maksim Rudenskiy, Mikhail Tsarev, Dmitry Putilin, Maksim Khaliullin, Sergey Loguntsov, Vadym Valiakhmetov, Artem Kurov, Mikhail Chernov and Alexander Mozhaev. The two governments <a href=\"https:\/\/cyberscoop.com\/us-uk-sanction-trickbot-russia-ransomware\/\">sanctioned seven other members in February<\/a>.<\/p>\n<p>The <a href=\"https:\/\/www.justice.gov\/opa\/pr\/multiple-foreign-nationals-charged-connection-trickbot-malware-and-conti-ransomware\">U.S. Department of Justice also unsealed indictments<\/a> filed in three U.S. jurisdictions against some of the sanctioned individuals for their roles in Trickbot activity as well as connections to the <a href=\"https:\/\/cyberscoop.com\/tag\/conti\/\">Conti<\/a> ransomware operation. Charges \u2014 filed in the Northern District of Ohio, the Middle District of Tennessee and the Southern District of California \u2014 relate to the individuals\u2019 alleged roles in stealing money and confidential information, and various ransomware attacks.<\/p>\n<div class=\"ad ad--inline_1 \">\n<div class=\"ad__inner\"> <span class=\"screen-reader-text\">Advertisement<\/span> <\/div>\n<\/div>\n<p>Charges against Golochkin in the Southern District of California, for instance, are the result of the May 1, 2021, Scripps Health ransomware attack, according to the DOJ. Scripps Health lost access to healthcare systems at two of its hospitals and couldn\u2019t access its electronic medial record system and forced the re-routing of stroke and heart attack patients from four of its hospitals, the <a href=\"https:\/\/www.hipaajournal.com\/scripps-health-ransomware-attack-cost-113-million\/\">HIPAA Journal reported in August 2021<\/a>. Losses from the attack exceeded $113 million, the news outlet reported.<\/p>\n<p>An <a href=\"https:\/\/www.wired.com\/story\/trickbot-trickleaks-bentley\/?redirectURL=https%3A%2F%2Fwww.wired.com%2Fstory%2Ftrickbot-trickleaks-bentley%2F\">Aug. 30 story published by Wired<\/a>, which mined the trove of <a href=\"https:\/\/cyberscoop.com\/russian-cybercrime-syndicate-trickbot-organized-potent-adversary\/\">Trickbot leaks<\/a> published in the wake of the Russian invasion of Ukraine, detailed the apparent key role Galochkin played in the group\u2019s day-to-day operations.<\/p>\n<p>\u201cThe Justice Department has taken action against individuals we allege developed and deployed a dangerous malware scheme used in cyberattacks on American school districts, local governments, and financial institutions,\u201d Attorney General Merrick Garland said in the statement. \u201cSeparately, we have also taken action against individuals we allege are behind one of the most prolific ransomware variants used in cyberattacks across the United States, including attacks on local police departments and emergency medical services.\u201d<\/p>\n<p>FBI Director Christopher Wray said in a statement that the sanctions and indictments \u201cshows our ongoing commitment to bringing the most heinous cyber criminals to justice \u2014 those who have devoted themselves to inflicting harm on the American public, our hospitals, schools, and businesses.\u201d<\/p>\n<p><\/body> <\/p>\n<footer class=\"single-article__footer\" readability=\"1.2120535714286\">\n<div class=\"author-card\" readability=\"8\">\n<p><h4 class=\"author-card__name\">Written by AJ Vicens<\/h4>\n<p> AJ covers nation-state threats and cybercrime. He was previously a reporter at Mother Jones. Get in touch via Signal\/WhatsApp: (810-206-9411). <\/p>\n<\/p><\/div>\n<div class=\"single-article__tags-container\">\n<h4 class=\"single-article__tags-title\">In This Story<\/h4>\n<\/p><\/div>\n<\/footer>\n<p> <\/html><\/div>\n<\/p><\/div>\n<\/p><\/div>\n<div class=\"single-article__ads js-single-article-sidebar\">\n<div class=\"ad ad--sidebar js-single-article-sidebar-5 ad--rightrail_1 \">\n<div class=\"ad__inner\"> <span class=\"screen-reader-text\">Advertisement<\/span> <\/div>\n<\/div>\n<div class=\"ad ad--sidebar js-single-article-sidebar-4 ad--rightrail_2 \">\n<div class=\"ad__inner\"> <span class=\"screen-reader-text\">Advertisement<\/span> <\/div>\n<\/div>\n<div class=\"ad ad--sidebar js-single-article-sidebar-3 ad--rightrail_3 \">\n<div class=\"ad__inner\"> <span class=\"screen-reader-text\">Advertisement<\/span> <\/div>\n<\/div><\/div>\n<\/article>\n<div class=\"popular-stories popular-stories--single-post\">\n<div class=\"popular-stories__container\">\n<h2 class=\"popular-stories__title\"> More Scoops <\/h2>\n<p>  <\/div>\n<p>\n<\/div>\n<p> <\/p>\n<section class=\"latest-podcasts\">\n<h2 class=\"latest-podcasts__title\"> Latest Podcasts\t<\/h2>\n<\/section>\n<div class=\"top-categories\">\n<div class=\"top-categories__container\">\n<h3 class=\"top-categories__category-title\">Technology<\/h3>\n<\/p><\/div>\n<div class=\"top-categories__container\">\n<h3 class=\"top-categories__category-title\">Government<\/h3>\n<\/p><\/div>\n<\/p><\/div>\n<p> <\/main> <\/p>\n<div class=\"ad ad--bottom \">\n<div class=\"ad__inner\"> <span class=\"screen-reader-text\">Advertisement<\/span> <\/div>\n<\/div>\n<div id=\"interstitial\" class=\"welcome__container\"> <button id=\"close-modal-1\" class=\"welcome__clickable_area\"><\/button> <\/p>\n<div class=\"welcome__ad_wrapper\">\n<p> <button id=\"close-modal-3\" class=\"welcome__continue-button\">Continue to CyberScoop<\/button> <\/p>\n<\/p><\/div>\n<\/p><\/div>\n<p>   <\/body> <a href=\"https:\/\/cyberscoop.com\/us-uk-sanctions-trickbot-russia\/\">Source<\/a><\/p>\n","protected":false},"excerpt":{"rendered":"<p>US, UK take action against members of the Russian-linked Trickbot<\/p>\n","protected":false},"author":11,"featured_media":0,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"_jetpack_memberships_contains_paid_content":false,"footnotes":""},"categories":[912,282,338,273,913],"tags":[914,286,341,279,915],"class_list":["post-1676","post","type-post","status-publish","format-standard","hentry","category-conti","category-cybercrime","category-department-of-justice-doj","category-fbi","category-trickbot","tag-conti","tag-cybercrime","tag-department-of-justice-doj","tag-fbi","tag-trickbot"],"featured_image_urls":{"full":"","thumbnail":"","medium":"","medium_large":"","large":"","1536x1536":"","2048x2048":"","chromenews-featured":"","chromenews-large":"","chromenews-medium":""},"author_info":{"display_name":"Cyber Scoop","author_link":"https:\/\/ddi.mohflo.net\/index.php\/author\/cyberscoop\/"},"category_info":"<a href=\"https:\/\/ddi.mohflo.net\/index.php\/category\/conti\/\" rel=\"category tag\">Conti<\/a> <a href=\"https:\/\/ddi.mohflo.net\/index.php\/category\/cybercrime\/\" rel=\"category tag\">cybercrime<\/a> <a href=\"https:\/\/ddi.mohflo.net\/index.php\/category\/department-of-justice-doj\/\" rel=\"category tag\">Department of Justice (DOJ)<\/a> <a href=\"https:\/\/ddi.mohflo.net\/index.php\/category\/fbi\/\" rel=\"category tag\">FBI<\/a> <a href=\"https:\/\/ddi.mohflo.net\/index.php\/category\/trickbot\/\" rel=\"category tag\">TrickBot<\/a>","tag_info":"TrickBot","comment_count":"0","jetpack_featured_media_url":"","jetpack_sharing_enabled":true,"_links":{"self":[{"href":"https:\/\/ddi.mohflo.net\/index.php\/wp-json\/wp\/v2\/posts\/1676","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/ddi.mohflo.net\/index.php\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/ddi.mohflo.net\/index.php\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/ddi.mohflo.net\/index.php\/wp-json\/wp\/v2\/users\/11"}],"replies":[{"embeddable":true,"href":"https:\/\/ddi.mohflo.net\/index.php\/wp-json\/wp\/v2\/comments?post=1676"}],"version-history":[{"count":0,"href":"https:\/\/ddi.mohflo.net\/index.php\/wp-json\/wp\/v2\/posts\/1676\/revisions"}],"wp:attachment":[{"href":"https:\/\/ddi.mohflo.net\/index.php\/wp-json\/wp\/v2\/media?parent=1676"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/ddi.mohflo.net\/index.php\/wp-json\/wp\/v2\/categories?post=1676"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/ddi.mohflo.net\/index.php\/wp-json\/wp\/v2\/tags?post=1676"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}

{"id":1676,"date":"2023-09-07T18:12:10","date_gmt":"2023-09-07T18:12:10","guid":{"rendered":"https:\/\/cyberscoop.com\/?p=76942"},"modified":"2023-09-07T18:12:10","modified_gmt":"2023-09-07T18:12:10","slug":"us-uk-take-action-against-members-of-the-russian-linked-trickbot-hacker-syndicate","status":"publish","type":"post","link":"https:\/\/ddi.mohflo.net\/index.php\/2023\/09\/07\/us-uk-take-action-against-members-of-the-russian-linked-trickbot-hacker-syndicate\/","title":{"rendered":"US, UK take action against members of the Russian-linked Trickbot hacker syndicate"},"content":{"rendered":"