U.S. DOJ, Treasury and U.K. Authorities Take Action Against Russian Cybercriminal Group Trickbot

Today, the U.S. Treasury’s Office of Foreign Assets Control, in coordination with the United Kingdom, announced sanctions against eleven individuals who are part of the Russia-based Trickbot cybercrime group, calling Russia “a safe haven for cybercriminals.” Specifically, Treasury sanctioned individuals at all levels of the Trickbot group, including senior administrators and managers, such as Andrey Zhuykov, Maksim Rudenskiy, and Mikhail Tsarev, as well as developers and coders for the group.

The U.S. Department of Justice (DOJ) concurrently announced the unsealing of indictments against nine individuals in connection with the Trickbot malware and Conti ransomware schemes, including seven of the individuals designated today. DOJ charged the individuals – all Russian nationals – with conspiring to use the Trickbot malware to steal money and personal and confidential information from unsuspecting victims, including businesses and financial institutions located in the United States and around the world, beginning in November 2015.

This designation is part of continued collaborative efforts by the U.S. and the UK to disrupt Russian cybercrime and ransomware, and follows the first joint U.S.-UK cyber designation of several Trickbot group members in February 2023, the first designation under the UK’s new cyber authority.

Trickbot, first identified in 2016 by security researchers, was a trojan virus that infected millions of victim computers worldwide. It has since evolved into a highly modular malware suite that gives the Trickbot group the ability to conduct a variety of malicious cyber activities, including ransomware, allowing the group to attack hospitals and other critical infrastructure around the globe. According to Treasury, the Trickbot group has ties to Russian intelligence services.

Today's sanctions and the parallel criminal cases are the result of a years-long investigation by law enforcement entities in the U.S., the U.K. and across the globe. As a result of today’s action, all property and interests in property of the designated persons or entities that are in the United States or in the possession or control of U.S. persons are blocked, and U.S. persons are generally prohibited from all transactions involving these individuals and entities.

Today's sanctions are represented in TRM, as is additional on-chain activity associated with the Trickbot members included in today’s designation.
