Monday, June 21, 2021

Latvian lady charged with writing malware for the Trickbot Group – Bare Safety

The US Department of Justice (DOJ) just announced that it has charged a 55-year-old Latvian woman, who went by the moniker of Max, with malware-writing crimes.

Max, whose real name is apparently Alla Witte, is the sixth of seven defendants listed in the DOJ’s indictment, along with ten other unknown individuals identified only as CC8 to CC17. (CC is short for co-conspirator.)

At the moment, the names of the other six defendants have been redacted from the document, so that Witte is the only one whose name has been publicly released.

(In the indictment, filed in August 2020, Witte was identified as a “national of Russia”, but the headline of the DOJ’s latest press release describes her as Latvian.)

Witte was apparently living in Suriname in South America at the time of the alleged offences, but was arrested in Miami, Florida, in February 2021, presumably while attempting to enter the US.

The indictment, which runs to 61 double-spaced pages, tells a fascinating story of how the Trickbot Group, as the DOJ refers to this cybergang, operated and evolved over a five-year period from late 2015 to the middle of 2020.

Also documented in the indictment is a laundry list of attempted financial thefts from so-called “co-operating witnesses” – eleven US companies that have come forward to help establish the nature and extent of the criminality attempted by the Trickbot Group.

The fradulent transactions attempted against those 11 companies alone add up to $6.2 million, but the DOJ says that the Trickbot malware has infected millions of computers worldwide in the broadest possible way, hitting individuals, businesses and organisations including hospitals, schools, public utilities and governments.