Russian national extradited to U.S. to face charges for role in cybercriminal organization

Vladimir Dunaev, a Russian national, living in the Yakutsk region of Russia and in Southeast Asia, has been extradited from the Republic of Korea to the Northern District of Ohio to face charges for his alleged role in a transnational, cybercriminal organization.

According to court documents, Dunaev, 38, was a member of a transnational, cybercriminal organization that deployed a computer banking trojan and ransomware suite of malware known as “Trickbot.”

The indictment alleges that in November 2015, and continuing through August 2020, Dunaev and others stole money, confidential information, and damaged computer systems from unsuspecting victims, including individuals, financial institutions, school districts, utility companies, government entities, and private businesses. To perpetuate their criminal scheme, the defendants allegedly used a network of co-conspirators and freelance computer programmers, known as the Trickbot Group, to create, deploy, and manage the Trickbot malware, which infected millions of computers and computer systems worldwide.

Dunaev is alleged to have been one such co-conspirator, working as a malware developer for the Trickbot Group. Dunaev allegedly performed a variety of developer functions in support of the Trickbot malware, including managing the malware’s execution, developing popular browser modifications and helping to conceal the malware from detection by security software. 

Earlier this year, the Justice Department announced the arrest and arraignment of Alla Witte, a Latvian national charged for her role in the Trickbot Group.

According to court documents, the Trickbot malware was designed to capture online banking login credentials and harvest other personal information, including credit card numbers, emails, passwords, dates of birth, social security numbers, and addresses from infected computers through the use of web injects and keystroke logging. Later versions of Trickbot were adapted to facilitate the installation and use of ransomware. 

According to the court documents, the defendants used these stolen login credentials and other personal information to gain access to online bank accounts, execute unauthorized electronic funds transfers and launder the money through U.S. and foreign beneficiary accounts.

Dunaev is charged with conspiracy to commit computer fraud and aggravated identity theft, conspiracy to commit wire and bank fraud, conspiracy to commit money laundering, and multiple counts of wire fraud, bank fraud, and aggravated identity theft. If convicted of all counts, Dunaev faces a maximum penalty of 60 years’ imprisonment. A federal district court judge will determine any sentence after considering the U.S. Sentencing Guidelines and other statutory factors.