Cops in Germany have found cybercrime gang leader
The Federal Criminal Police of Journey “BKA” has claimed that Stern, the leader of TrickBot and Conti cybercrime gangs, is Vitaly Nikolaevich Kovalev, a 36-year-old Russian.
According to BKA, he is suspected of founding the ‘TrickBot’ group, aka ‘Wizard Spider. ' This was part of Operation Endgame, a collaborative global crackdown against malware infrastructure and hackers behind it. The gang used TrickBot and other malware, such as SystemBC, Bazarloader, Ryuk, Diavol, Conti, and IcedID.
Most wanted in Germany
According to Interpol, Kovalev is wanted in Germany. He is charged with being the mastermind of an unnamed criminal gang.
This is not the first time Kovalev has been charged with participating in a cybercrime organization. In 2023, he was one of seven Russians charged in the US for their connections to the Conti and TrickBot cybercrime gangs.
At that time, he was only charged as a senior member of the TrickBot gang using the aliases “Bergen,” “Ben,” “Bentley,” and “Alex Konor.”
Leaks led to the identification
The sanctions were announced after massive information leaks from Conti and TrickBot members called ContiLeaks and TrickLeaks.
Contileaks gave access to the gang’s inside conversations and source code, and TrickLeaks even leaked the identities, and personal information of TrickBot members, and online accounts on X (former Twitter).
These chats revealed that Kovalev aka “Stern” was heading the TriickBot operation and Conti and Ryuk ransomware groups. The chats revealed members asking Stern permission before launching attacks or getting lawyers for TrickBot members captured in the U.S.
The leaks led to a speedy crackdown on Conti, the gang members switching to other operations or forming new criminal groups such as BlackCat, LockBit, Royal, Black Basta, AvosLocker, Zeon, and DagonLocker.
BKA’s investigation revealed that the “TrickBot group consisted of more than 100 members. It works in an organized and hierarchically structured manner and is project and profit-oriented.”
BKA said that the “group is responsible for the infection of several hundred thousand systems in Germany and worldwide; through its illegal activities, it has obtained funds in the three-digit million range. Its victims include hospitals, public facilities, companies, public authorities, and private individuals."
Kovalev is in hiding and German police believe that he may be in Russia. The police have asked for any info that could lead to his arrest.
