TrickBot developer arrested in Seoul, where he stuck due to restrictions related to COVID-19

The Record reports that a Russian was arrested at Seoul International Airport last week and is accused of developing code for the TrickBot hack group. The man was arrested while trying to leave South Korea, where he spent more than a year and a half due to the coronavirus pandemic.

When the restrictions on air travel were finally lifted, the suspect’s passport expired, and as a result he was forced to live in a one-room apartment in Seoul, while waiting for the Russian embassy to prepare replacement documents.

While the suspect was waiting for his passport to be replaced, the US authorities launched an official investigation of the TrickBot. Although the operation to eliminate malware, carried out in the fall of 2020, ultimately failed, the US authorities soon managed to arrest 55-year-old Latvian citizen Alla Witte, who, according to investigators, was one of the programmers of TrickBot.

As in the case of Witte, a South Korean judge said that the Russian arrested in Seoul had collaborated with the hack group TrickBot since 2016 (when he responded to the attacker’s vacancy) and was developing a browser-related component.

The documents in the Witte case mentioned conversations between members of the hack group who discussed the recruitment process. Apparently, the members of TrickBot were honest with people who responded to their vacancies, and immediately warned that they would have to do illegal things.

According to the same conversations cited in the Witte case, most of the applicants positioned themselves as black hats. In the corporate chats, the Trickbot team discussed that they needed candidates who passed the test tasks and did not ask unnecessary questions.