US authorities charged Alla Witte for helping build TrickBot, a type of malware that was active for many years in a worldwide campaign, defrauding numerous people.
Taking down much of TrickBot was a group effort involving multiple countries and coordination that doesn’t usually happen with similar threats. While all of Trickbot’s infrastructure was eventually primarily dismantled, a few servers are still active in various countries where the law enforcement agencies had no jurisdiction.
“The Trickbot malware was designed to steal the personal and financial information of millions of people around the world, thereby causing extensive financial harm and inflicting significant damage to critical infrastructure within the United States and abroad,” said Acting US Attorney Bridget M. Brennan of the Northern District of Ohio.
According to a CyberScoop report, 55-year old Latvian citizen Alla Witte was arrested in Miami on February 6, 2021. She was just arraigned and charged with 19 counts, including conspiracy to commit computer fraud, aggravated identity theft, conspiracy to commit wire and bank fraud, bank fraud and conspiracy to commit money laundering, among others.
“Defendant ALLA WITTE, aka MAX, was a national of Russia,” says the Department of Defence in the indictment. “During the timeframe of this indictment, WITTE resided in Suriname. WITTE was a Malware Developer for the Trickbot Group, overseeing the creation of code related to the monitoring and tracking of authorized users of the Trickbot malware, the control and deployment of ransomware, obtaining payments from ransomware victims, and developing tools and protocols for the storage of credentials stolen and exfiltrated from victims infected by Trickbot.”
Another 18 people are mentioned in the DOJ report and named co-conspirators or defendants, most of whom are from Russia, although the Trickbot group operated from Russia, Belarus, Ukraine and Suriname.
For now, it’s unclear what role Witte played in the Trickbot structure, but US law enforcement agencies will have to settle with just one arrest in this case, as the other defendants haven’t set foot in the US.