Cops in Germany Claim They’ve ID’d the Mysterious Trickbot Ransomware Kingpin


Several cybersecurity researchers who followed Trickbot told Wired that they were not aware of the announcement. An anonymous account on the social media platform X recently said that Kovalev had used the Stern handle and published alleged details about him. Wired has sent messages to several accounts that supposedly belong to Kovalev, according to the X account and a database of hacked and leaked files from District 4 Labs, but has received no response.

Meanwhile, Kovalev’s name and face may already be surprisingly familiar to those who followed the recent Trickbot revelations. This is because Kovalev was sanctioned jointly by the United States and United Kingdom in early 2023 for his alleged involvement as a senior member of Trickbot. He was also indicted in the United States at the time on hacking charges linked to bank fraud allegedly committed in 2010. The United States added him to its most wanted list. In all these actions, however, the United States and the United Kingdom linked Kovalev to the online handles “Ben” and “Bentley.” The 2023 sanctions did not mention any connection to the Stern handle. And, in fact, the indictment of Kovalev in 2023 was mainly remarkable because his use of “Bentley” as a handle was determined to be “historic” and distinct from that of another key member of Trickbot who also went by “Bentley.”

The Trickbot ransomware group first emerged around 2016, after its members moved from the Dyre malware, which was disrupted by the Russian authorities. During its lifespan, the Trickbot group (which used its namesake malware alongside other ransomware variants such as Ryuk, IcedID, and Diavol) increasingly overlapped in operations and staff with the Conti gang. At the beginning of 2022, Conti published a declaration supporting the large-scale invasion of Ukraine by Russia, and a cybersecurity researcher who had infiltrated the groups leaked more than 60,000 messages from Trickbot and Conti members, revealing a huge trove of information on their operations and their daily structure.

Stern acted as a “CEO” of the Trickbot and Conti groups and ran them like a legitimate company, leaked chat messages analyzed by Wired and security researchers show.

“Trickbot established the mold for the modern ‘as-a-service’ cybercriminal business model, which was adopted by countless groups that followed,” said Leslie de Future. “Although there are certainly organized groups which preceded Trickbot, Stern supervised a period of Russian cybercrime which was characterized by a high level of professionalization. This trend continues today, is reproduced worldwide and is visible in most groups active on the dark web.”

Stern’s eminence in Russian cybercrime has been widely documented. The cryptocurrency tracing company does not publicly name cybercriminal actors and declined to comment on the BKA identification, but the company stressed that the Stern persona alone is one of the most profitable ransomware actors it tracks.

“The investigation revealed that Stern generated significant income from illegal activities, in particular in relation to ransomware,” a BKA spokesman told Wired.

Stern “surrounds himself with very technical people, many of whom he claims have sometimes decades of experience, and he is ready to delegate substantial tasks to these experienced people in whom he has confidence,” explains Keith Jarvis, a principal security researcher in the Counter Threat Unit of the cybersecurity company Sophos. “I think he has always experienced this organizational role.”

Increasing evidence in recent years has indicated that Stern has at least a few loose links with Russia’s intelligence apparatus, including its main security agency, the Federal Security Service (FSB). The Stern handle mentioned setting up an office for “government subjects” in July 2020, while researchers have seen other members of the Trickbot group say that Stern is probably the “link between us and the ranks / head of the department type at FSB.”

Stern’s consistent presence contributed significantly to the effectiveness of Trickbot and Conti, as well as to the entity’s ability to maintain high operational security and to remain hidden.

As Jarvis of Sophos said, “I have no reflection on the attribution, because I have never heard a convincing story on the identity of Stern from anyone before this announcement.”


