Thursday, September 19

The United States and the United Kingdom accuse 11 Russians of running a cybercrime network that attacked hospitals around the world

Hospitals, schools and businesses are among the millions of victims of Trickbot.

Photo: JACK GUEZ/AFP/Getty Images

Armando Hernandez

The Justice Department indicted 11 Russian men in connection with a group of hackers that is behind some of the world’s largest cyberattacks, including destructive attacks against major hospital chains.

At the same time, the US Treasury Department and the UK government made the rare public claim that the alleged cybercriminals have explicit links to Russian intelligence.

According to the Department of Justice, three indictments have been unsealed in three different federal jurisdictions charging multiple Russian cybercrime actors involved in the Trickbot malware and Conti ransomware schemes.

According to court documents and public reports, Trickbot, which was taken down in 2022, was a set of malware tools designed to steal money and make it easier to install ransomware. Hospitals, schools and businesses are among the millions of Trickbot victims, who suffered losses in the tens of millions of dollars.

While active, the Trickbot malware, which acted as an initial intrusion vector into victims’ computer systems, was used to support various ransomware variants, including Conti.

Conti was a ransomware variant used to attack more than 900 victims worldwide, including victims in approximately 47 states, the District of Columbia, Puerto Rico, and approximately 31 foreign countries. According to the FBI, in 2021, Conti ransomware was used to attack more critical infrastructure victims than any other ransomware variant.

“The Department of Justice has taken action against individuals who allegedly developed and deployed a dangerous malware scheme used in cyberattacks on US school districts, local governments and financial institutions,” said Attorney General Merrick B. Garland.

The announcement is the first public action a government has taken against Conti, which since 2020 has hacked and extorted major organizations, including Western governments, with apparent impunity. Conti’s victims included the San Diego-area hospital chain Scripps Health and Ireland’s national health care system in 2021, and Costa Rica’s tax collection system last year, prompting the country to declare a state of emergency.

The Treasury Department said Trickbot’s developers have “ties to Russian intelligence services”; that assertion has not been clarified by any Russian authority.

However, earlier this year, US intelligence discovered that a group of Russian hackers who had gained access to a Canadian gas infrastructure company were taking orders from Russian FSB handlers.