Alleged Conti, TrickBot Gang Leader Unmasked

Alleged Conti, TrickBot Gang Leader Unmasked

German authorities have named Russian national Vitaly Nikolaevich Kovalev as the founder and leader of the TrickBot cybercrime gang.

Established in 2016, the TrickBot group is believed to have infected millions of computers worldwide, exfiltrating sensitive information such as credentials, banking and credit card details, and personal information, while also enabling the deployment of other malware, such as ransomware.

Authorities targeted TrickBot’s infrastructure in takedown attempts in 2020 and 2024, and announced charges and sanctions against over a dozen group members in 2023, including Kovalev, believed at the time to be a senior figure within the cybercrime ring.

The Federal Criminal Police Office of Germany (BKA) now says that Kovalev, under the names of ‘Stern’ and ‘Ben’, founded the TrickBot gang and acted as its leader.

“The group used the Trickbot malware as well as other malware variants such as Bazarloader, SystemBC, IcedID, Ryuk, Conti, and Diavol. According to the investigations conducted by the BKA, at times, the Trickbot group consisted of more than 100 members,” the BKA says.

Targeting critical infrastructure, hospitals, private organizations, and individuals alike, the TrickBot group is believed to have made hundreds of millions of dollars by demanding ransom payments from its victims.

BKA named Kovalev as the TrickBot gang leader roughly one month after a leaker using the online moniker ‘GangExposed’ published information on the identities of key members of the Conti and TrickBot groups.

Kovalev, the whistleblower says, is also the mastermind behind the Conti group, which emerged in 2020. In 2022, security researchers speculated that Conti acquired TrickBot.

Advertisement. Scroll to continue reading.

“He wasn’t just a participant or a forum admin—he was the architect. The man behind the infrastructure, the money pipelines, and the global-scale attack coordination,” GangExposed claims.

The leaker notes that Kovalev is also known as ‘Stern’, ‘Ben’, ‘Bergen’, and ‘Alex Konor’, and that he made tens of millions of dollars in illegal proceeds from his cybercriminal activities. He is currently worth over $500 million in cryptocurrency, GangExposed says.

Related: More LockBit Hackers Arrested, Unmasked as Law Enforcement Seizes Servers

Related: TrickBot and Other Malware Droppers Disrupted by Law Enforcement

Related: Russian TrickBot Malware Developer Sentenced to Prison in US

Related: LockBit Ransomware Mastermind Unmasked, Charged


Source link