In the fast moving world of cyber crime, updates often come thick and fast – Operation Endgame seems to be one of those times.
Since my original post yesterday, some of the law enforcement agencies involved in the operation have already released more information relating to the searches and arrests.
The Bundeskriminalmt
The Bundeskriminalmt have released the identities of eight individuals they wish to loctae and prosecute as they are believed to be members of some of the gangs under scrutiny in the ongoing cybercrime takedowns.
ANDREEV – (Fedor Aleksandrovich ANDREEV) is a Russian national believed to be a member of the Trickbot group. It is suspected that he initially acted as a tester for the developed malware under the pseudonyms azot and angelo and later took on the position of team leader within the group.
BRAGIN – (Anton Alexandrovich BRAGIN) is a Russian national believed to be a member of the Trickbot group. There is suspicion that he worked for the group as a programmer under the pseudonym hector to improve the admin panel for managing the criminal infrastructure.
CHEREPANOV – (Andrei Andreyevich CHEREPANOV) is a Russian national believed to be a member of the Trickbot group. There is suspicion that he worked for the group as a programmer on a spam bot under the pseudonyms fast and basil . At a later point in time, he also allegedly acted as a crypter and in this role ensured that the malicious code was disguised so that it remained undetected by anti-virus scanners.
CHERESHNEV – (Nikolai Nikolaevich CHERESHNEV) is a Russian national believed to be a member of the Trickbot group. There is suspicion that he worked for the group under the pseudonym biggie to maintain the VPN infrastructure. In addition, the allegedly acted as a crypter and in this role ensured that the malicious code was disguised in order to remain undetected by antivirus programs.
GRUBER – (Airat Rustemovich GRUBER) is a Russian national believed to be a member of the Smokeloader group. It is suspected that he was the administrator of the group and gained illegal access to several hundred thousand victim systems. He allegedly used the access and control over the infected systems to spy on data and, in return for payment, download additional malware from third parties.
POLISH – (Sergey Valerievich POLYAK) is a Russian national believed to be a member of the Trickbot group. It is suspected that he was a researcher for the group using the pseudonym cypher. In this role he looked for new potential victims, and investigated opportunities for targeted attacks.
TESMAN – (Georgy Sergeevich TESMAN) is a Russian national believed to be a member of the Trickbot group. It is suspected that he acted as a crypter for the group under the pseudonym core and in this role ensured that the malicious code was disguised in order to remain undetected by antivirus programs.
KUCHEROV – (Oleg Vyacheslavovich KUCHEROV) is a Russian national believed to be a member of the Trickbot group. Working under the pseudonym gabr, he was looking for new ways for the group to infect and infiltrate foreign systems unnoticed.
КІБЕРПОЛІЦІЇ УКРАЇНИ – Ukraine Cybercrime police
The Ukrainian cyber crime police have released information and photographs relating to one of the searches and arrests they conducted as part of Operation Endgame:
The photographs show agents searching the property of one of the suspects and examining the computer systems found on the premises
Another photograph shows the moment the suspect was arrested – apparently he was taken by surprise as he appears to be completely naked.
I’m certain that over the next few days and weeks, more updates relating to Operation Endgame will emerge – I’ll be sure to post them here
