BKA names identity of the suspected boss of the Trickbot gang
The Federal Criminal Police Office BKA is searching for the alleged head of the notorious "Trickbot" gang by name and face.
Symbolic image: The BKA has announced the identity of the suspected leader of the notorious cybercrime gang Trickbot and is searching for him.
(Image: Daniel Beckemeier/Shutterstock.com)
In connection with the large-scale police operation "Operation Endgame 2.0", the Federal Criminal Police Office (Bundeskriminalamt, BKA) is looking for numerous cyber criminals, including Vitalii Nikolaevich Kovalev, known primarily as "Stern". He is said to be the head of the infamous Trickbot gang, an organization whose structure was very similar to a conventional company, with "Stern" being the CEO, so to speak. The BKA is now searching for him using his identity and photos.
Kovalev is a Russian citizen and, according to the wanted notice, is suspected of having made a significant contribution to the execution of global cyberattacks as the founder of the group behind the malware of the same name. He is therefore suspected of having founded the group under the pseudonyms <stern> and <ben> and acting as its leader. The group is said to have infected hundreds of thousands of PCs with malicious software such as malware or ransomware since at least 2016.
According to the BKA, it has made hundreds of millions of euros through its illegal activities. According to the BKA, its victims include hospitals, public institutions, companies, authorities and private individuals. In Germany alone, the group is said to have caused damage amounting to at least 6.8 million euros. Endgame 2.0 took a total of 300 servers offline, 50 of which were in Germany and are attributed to Trickbot and Qakbot, another cybercrime group.
Cybercrime gang with professional management
The remarkable thing about the wanted Kovalev is that he really ran the organization behind Trickbot much like a normal software company. Around three years ago, a report provided exciting details about the gang's working methods and organization. For example, that at that time there were many special teams within the organization, such as the Crypters, who exchanged information in their own chat groups. The Crypters only built tools that could be used to disguise malware so that it could no longer be detected by anti-virus and security software.
Videos by heise
Each working group had its own team leader, and the management set the strategy and direction – presumably above all Kovalev, who is now wanted as the leader of the gang. Sounds like conventional organized crime at first – but the report also mentions regular biweekly payments, sick pay and vacations and a 13th month's salary. This is based on the group's communication history, which was available to the authors. The rather novel structures for cybercrime caused quite a stir at the time – Kovalev, who is now identified and wanted, is likely to have been something of a pioneer.
The BKA assumes that the wanted man lives in the Russian Federation. The current whereabouts of the wanted man are unknown. The names and chat histories of members of Trickbot have been circulating since 2022, and the BKA says it has analyzed and evaluated this information. According to the BKA, 17 other people are still being sought in connection with Kovalev, many of whom, the BKA suspects, are apparently in Russia.
(nen)
