US, UK Sanction 7 Members of Russian ‘Trickbot’ Cyber Gang for Hospital Attacks

US, UK Sanction 7 Members of Russian ‘Trickbot’ Cyber Gang for Hospital Attacks
A Russian flag is seen on a laptop screen in front of a computer screen displaying cyber code. Reuters/Kacper Pempel
Andrew Thornebrooke
Updated:
0:00

The United States and the UK said on Feb. 9 that they are sanctioning seven people associated with a Russian cybercriminal gang for their alleged role in conducting malign cyber activities against their nations and allies.

Washington and London sanctioned the members of Trickbot, a Russian cybercriminal outfit that specializes in stealing financial data, for their alleged roles in launching attacks on hospitals and government institutions.

“Cyber criminals, particularly those based in Russia, seek to attack critical infrastructure, target U.S. businesses, and exploit the international financial system,” U.S. Treasury Undersecretary Brian Nelson said in a prepared statement.

“The United States is taking action today in partnership with the United Kingdom because international cooperation is key to addressing Russian cybercrime.”

The announcement marks the first time that the UK has participated in such targeted sanctions with the United States, which the Treasury attributed to ongoing collaboration between itself and key British institutions.

A Treasury statement said that Trickbot originated in 2014 with the creation of the Dyre trojan banking malware and evolved from Dyre in 2016 to become malware and also the name of the cybercriminal group consisting largely of individuals located in Moscow.

The group specializes in targeting non-Russian individuals, businesses, and financial institutions and has created a modular malware suite that allows it to conduct an array of illegal activities.

According to the Treasury, Trickbot engaged in a targeted campaign against U.S. hospitals, in which it held vital health care systems hostage with ransomware during the height of the COVID crisis.

In one of these attacks, the Trickbot group deployed ransomware against three Minnesota medical facilities, disrupting their computer networks and telephones and causing a diversion of ambulances.

“By sanctioning these cybercriminals, we are sending a clear signal to them and others involved in ransomware that they will be held to account,” UK Foreign Secretary James Cleverly said in a prepared statement.

“These cynical cyber attacks cause real damage to people’s lives and livelihoods. We will always put our national security first by protecting the UK and our allies from serious organised crime—whatever its form and wherever it originates.”

The seven sanctioned individuals are believed to be closely associated with the Russian Intelligence Services. The Treasury said that Trickbot more broadly is believed to have aligned with Russian state interests since 2020 and to have engaged in cyberattacks on the U.S. government.

The persons are all alleged to have been involved in the management, administration, or delivery of the group’s malware.

The sanctions mean that all property and interests of those individuals in the United States or in possession of U.S. citizens must be blocked and reported and that those who engage in transactions with them may also be designated for sanction.

Andrew Thornebrooke
Andrew Thornebrooke
National Security Correspondent
Andrew Thornebrooke is a national security correspondent for The Epoch Times covering China-related issues with a focus on defense, military affairs, and national security. He holds a master's in military history from Norwich University.
twitter
Related Topics