TrickBot developer arrested in Seoul, where he stuck due to restrictions related to COVID-19

The Record reports that a Russian was arrested at Seoul International Airport last week and is accused of developing code for the TrickBot hack group. The man was arrested while trying to leave South Korea, where he spent more than a year and a half due to the coronavirus pandemic.

The name of the detainee was not disclosed, but it is known that he is a Russian citizen and arrived in South Korea in February 2020. Initially, he was going to leave the country quite quickly, but the COVID-19 pandemic began and the country’s authorities banned international travel.

When the restrictions on air travel were finally lifted, the suspect’s passport expired, and as a result he was forced to live in a one-room apartment in Seoul, while waiting for the Russian embassy to prepare replacement documents.

While the suspect was waiting for his passport to be replaced, the US authorities launched an official investigation of the TrickBot. Although the operation to eliminate malware, carried out in the fall of 2020, ultimately failed, the US authorities soon managed to arrest 55-year-old Latvian citizen Alla Witte, who, according to investigators, was one of the programmers of TrickBot.

As in the case of Witte, a South Korean judge said that the Russian arrested in Seoul had collaborated with the hack group TrickBot since 2016 (when he responded to the attacker’s vacancy) and was developing a browser-related component.

The documents in the Witte case mentioned conversations between members of the hack group who discussed the recruitment process. Apparently, the members of TrickBot were honest with people who responded to their vacancies, and immediately warned that they would have to do illegal things.

TrickBot attention

According to the same conversations cited in the Witte case, most of the applicants positioned themselves as black hats. In the corporate chats, the Trickbot team discussed that they needed candidates who passed the test tasks and did not ask unnecessary questions.

TrickBot tests

If they ask additional questions, such people are not suitable.the court documents say.
The South Korean news agency KBS reports that the detained Russian has already appeared before a Seoul court under an international arrest warrant and a request for extradition to the United States. His lawyer claims that if his client is indeed handed over to the United States, he will be “subjected to excessive punishment.”
User Review
0 (0 votes)
Comments Rating 0 (0 reviews)

Daniel Zimmermann

Daniel Zimmermann has been writing on security and malware subjects for many years and has been working in the security industry for over 10 years. Daniel was educated at the Saarland University in Saarbrücken, Germany and currently lives in New York.

Related Articles

Leave a Reply

Your email address will not be published. Required fields are marked *


This site uses Akismet to reduce spam. Learn how your comment data is processed.

Back to top button