CLEVELAND, Ohio — A Russian national has been extradited from South Korea and brought to Cleveland, where authorities accused him Thursday of working for a cybercrime network that struck computers worldwide and looted tens of millions of dollars from victims.
Federal marshals picked up Vladimir Dunaev, 38, last week and flew him to Northeast Ohio. He faces a federal indictment that charges him with conspiracy for his role as a developer for TrickBot, a criminal scheme with origins in Russia. He has denied the allegations.
Dunaev appeared before U.S. Magistrate Judge William Baughman, who ordered him held without detention. Attorney Gretchen Holderman was assigned to represent Dunaev. She declined to comment.
TrickBot attacked several targets across the country since 2016, including the Avon and Coventry schools in Northeast Ohio. It also obtained online banking credentials to grab more than $750,000 in wire transfers from an unidentified real-estate business in North Canton in 2018, according to the charges.
In 2017, TrickBot hacked into Avon schools’ accounts, siphoning $471,000 in a span of hours, according to the charges. Two years later, it hit Coventry schools. The district didn’t lose any money, but it had to spend an estimated $80,000 to rebuild its system after the attack, school officials said.
The indictment accuses TrickBot developers of using various forms of malware to strike governments, hospitals, businesses and banks to capture personal information and gain access to accounts.
Federal authorities have called TrickBot one of the most feared hacking groups in the world, striking millions of computers in the United States, Great Britain, Australia, Belgium, Canada, Germany, India, Italy, Mexico, Spain and Russia.
Dunaev is the second to be charged in the case before Senior U.S. District Judge Solomon Oliver. This summer, prosecutors in Cleveland accused Alla Witte of 19 charges, including conspiracy, wire fraud, bank fraud and aggravated identity theft. She has denied the charges.
The cases of Witte and Dunaev have been under seal for months. Witte is accused of working as a malware developer for TrickBot, according to the charges.
Her attorney, Edward Bryan, has declined to comment.
Dunaev was taken into custody in South Korea in September, based on the federal indictment out of Cleveland. He had stopped in Seoul while traveling in early 2020, but he could not leave for his home in Russia because of travel restrictions involving the coronavirus, according to Threatpost, a security website.
When he was finally permitted to leave, his passport had expired, the report said, and he had to apply again. Before he could leave, he was arrested on the federal charges out of Cleveland, the report noted.
Dunaev is accused of working as a malware developer for TrickBot. The charges and interviews indicate that he was not one of the masterminds behind the network. In most cases, those who worked for TrickBot answered a job posting and took a test to demonstrate their computer-programming skills, the charges show.
He is charged with conspiracy to commit computer fraud, conspiracy to commit wire fraud, aggravated identity theft and bank fraud.
TrickBot used the malware to obtain personal identification information from computer users, including credit cards, emails, passwords, dates of birth, Social Security numbers and addresses, according to the indictment.
The document said it also captured login information to gain access to online bank accounts, which enabled it to steal funds and launder that money through other bank accounts.
The charges also allege that TrickBot hit schools in Bennington, Vermont; an electrical company in Eastland, Texas; and country clubs in Lynchburg, Virginia, and Ripon, California.
The case is being handled in Northeast Ohio because of the number of victims here, and the investigation by the FBI and federal prosecutors Duncan Brown and Daniel Riedl.
This content was originally published here.