A Russian developer suspected of belonging to the group responsible for the TrickBot malware was arrested in South Korea last week after trying to leave the country. As BleepingComputer reported, he could be extradited to the United States.
The man, whose identity has not been revealed, had been in the country for more than a year, waiting for his passport to be renewed and for COVID-19 restrictions to be lifted so he could leave Korea. When measures were relaxed and he tried to board, US authorities had already issued the extradition request.
According to the publication, the accused was recruited in 2016 to develop a browser used by the international organization in its malicious campaigns. However, he claims he did not know he was working for the group, having been hired through an ad on a job site.
Now, the suspect's lawyer is trying to convince the South Korean judiciary not to send him to the US, where the group behind TrickBot is targeted by the US Cyber Command, a unit aimed at fighting cybercrime. It is believed he would face severe punishment if tried in a US court.
Back to attacks
Used in various attacks, TrickBot is malware that makes it possible to gain access to corporate networks, steal data and deploy ransomware. The damage it caused led the US Cyber Command to carry out a major operation late last year, in partnership with Microsoft and other companies.
The attempt to bring down the group's infrastructure managed to stop the malicious activities for a while. But the organization, suspected of being linked to Russia, was able to quickly rebuild its network and launch new attacks.
In June, the US Department of Justice accused Latvian Alla Witte of developing the code for TrickBot, releasing several records of conversations between her and other members of the group.