Svmuu News: The United States, the European Union, and the United Kingdom jointly announced sanctions against a group of state-sponsored hacking organizations, cybercrime syndicates, and their infrastructure providers. The targeted entities are accused of causing billions of dollars in cumulative losses to businesses, critical infrastructure, and government agencies worldwide. Among these, the most notable is the EU’s sanction against Russian cybercriminal Vitaly Nikolayevich Kovalev (alias “Stern”). The EU has determined that Stern is one of the core administrators of the notorious Trickbot Group ransomware organization, which operates multiple high-risk ransomware variants, including Conti and Ryuk.
On-chain analysis shows that wallet addresses linked to Stern have cumulatively received over $300 million in ransom payments, potentially making him the “largest-scale ransomware operator” identified to date.
According to the analysis, the $300 million represents only Stern’s personal proceeds; the Trickbot Group’s total illicit revenue is likely far higher. On-chain fund flows show that Stern has had transactional ties with multiple ransomware ecosystems, including Ryuk, Conti, Diavol, Karakurt, Royal, and Quantum.
Investigations reveal that Stern played a role similar to that of a “CEO” within the Trickbot organization, overseeing budget management, personnel recruitment, infrastructure procurement, and the development of attack plans. (Chainalysis)