Carder.life

Germany doxxes Conti ransomware and TrickBot ring leader

Artifact 06-02-2025 10:51 AM

<div id="post_message_794892">

The Federal Criminal Police Office of Germany (Bundeskriminalamt or BKA) claims that Stern, the leader of the Trickbot and Conti cybercrime gangs, is a 36-year-old Russian named Vitaly Nikolaevich Kovalev.<br/>
<br/>
"The subject is suspected of having been the founder of the 'Trickbot' group, also known as 'Wizard Spider,'" BKA <a href="https://www.bka.de/DE/IhreSicherheit/Fahndungen/Personen/BekanntePersonen/Endgame_2/KVN/Sachverhalt.html" target="_blank">said</a> last week [<a href="https://www.bka.de/DE/IhreSicherheit/Fahndungen/Personen/BekanntePersonen/Endgame_2/KVN/Englisch.pdf?__blob=publicationFile&amp;v=1" target="_blank">English PDF</a>], after another round of seizures and charges as part of <a href="https://www.bleepingcomputer.com/tag/operation-endgame/" target="_blank">Operation Endgame</a>, a joint global law enforcement action targeting malware infrastructure and the threat actors behind it.<br/>
<br/>
"The group used the Trickbot malware as well as other malware variants such as Bazarloader, SystemBC, IcedID, Ryuk, Conti and Diavol."<br/>
<br/>
Kovalev is now also wanted in Germany, according to a recently issued <a href="https://www.interpol.int/en/How-we-work/Notices/Red-Notices/View-Red-Notices#2025-39252" target="_blank">Interpol red notice</a> saying he was charged with being the ringleader of an unnamed criminal organization.<br/>
<br/>
However, this isn't the first time law enforcement has targeted Kovalev for his involvement in a cybercriminal organization. In February 2023, he was one of seven Russians <a href="https://www.bleepingcomputer.com/news/security/us-and-uk-sanction-trickbot-and-conti-ransomware-operation-members/" target="_blank">sanctioned </a>and <a href="https://www.justice.gov/usao-nj/pr/russian-national-charged-bank-fraud-related-hacking-campaign" target="_blank">charged </a>in the United States for their links to the TrickBot and Conti cybercrime gangs.<br/>
<br/>
Still, he was only <a href="https://www.secretservice.gov/investigations/mostwanted/kovalev" target="_blank">tagged </a>at the time as a senior figure within the Trickbot group using the aliases "Bentley," "Bergen," "Alex Konor," and "Ben."<br/>
<br/>
<img alt="" border="0" class="bbCodeImage" src="https://www.bleepstatic.com/images/news/u/1109292/2025/Vitaly-Nikolayevich-Kovalev.jpg"/><br/>
<div style="margin:20px; margin-top:5px; ">
<table border="0" cellpadding="6" cellspacing="0" width="100%">
<tr>
<td class="alt2" style="background: rgb(37, 37, 37) none repeat scroll 0% 0%; border: 1px solid rgb(0, 0, 0); border-radius: 5px; font-size: 11px; text-shadow: none;">

Vitaly Nikolayevich Kovalev (U.S. Secret Service)

</td>
</tr>
</table>
</div>The sanctions came after a massive trove of personal information and internal conversations was leaked from TrickBot and Conti members in what was called <a href="http://www.wired.com/story/trickbot-trickleaks-bentley/" target="_blank">TrickLeaks </a>and <a href="https://www.bleepingcomputer.com/news/security/conti-ransomwares-internal-chats-leaked-after-siding-with-russia/" target="_blank">ContiLeaks</a>.<br/>
<br/>
While ContiLeaks provided access to the gang's internal conversations and source code, TrickLeaks went one step further, leaking the identities, online accounts, and personal information of TrickBot members on Twitter.<br/>
<br/>
These conversations exposed that Kovalev, under the alias "Stern," was in charge of the TrickBot operation and the Ryuk and Conti ransomware gangs. The chats illustrated how the other members would contact Stern for approval before conducting attacks or hiring lawyers for <a href="https://www.bleepingcomputer.com/news/security/us-charges-latvian-for-helping-develop-the-trickbot-malware/" target="_blank">Trickbot members arrested in the United States</a>.<br/>
<br/>
The leaks ultimately expedited <a href="https://www.bleepingcomputer.com/news/security/conti-ransomware-shuts-down-operation-rebrands-into-smaller-units/" target="_blank">Conti's shutdown</a>, with the cybercrime members moving to other operations or starting new gangs, including Royal, Black Basta, BlackCat, AvosLocker, Karakurt, LockBit, Silent Ransom, DagonLocker, and ZEON.<br/>
<br/>
"According to the investigations conducted by the BKA, at times, the Trickbot group consisted of more than 100 members. It works in an organized and hierarchically structured manner and is project and profit-oriented," BKA added last Friday.<br/>
<br/>
"The group is responsible for the infection of several hundred thousand systems in Germany and worldwide; through its illegal activities it has obtained funds in the three-digit million range. Its victims include hospitals, public facilities, companies, public authorities, and private individuals."<br/>
<br/>
While Kovalev's current whereabouts are unknown, German police believe that he currently lives in Russia and have asked for any information that could lead to his capture, including his current online accounts or what communication channels he uses.<br/>
<br/>
<a href="https://www.bleepingcomputer.com/news/security/germany-doxxes-conti-ransomware-and-trickbot-ring-leader/" target="_blank">@ BleepingComputer </a>
</div>

