Cybersecurity | 9 Sept 2023 | 3m | news4hackers.com

U.K. and U.S. Impose Sanctions on 11 TrickBot Cybercriminals

The U.K. and U.S. governments have sanctioned 11 individuals linked to the TrickBot cybercrime organization. These actions target those involved in cyber threats against both countries.

On March 3, 2026, the United Kingdom and the United States took a significant stand against cybercrime by announcing sanctions on 11 individuals connected to the notorious TrickBot cybercrime organization, which operates out of Russia.

According to the U.S. Treasury Department, Russia has long been a safe haven for cybercriminals, particularly the TrickBot group. “This group is connected to Russian intelligence agencies and has specifically directed its activities toward the U.S. Government and American corporations, especially healthcare institutions,” the department reported.

The sanctioned individuals occupy various roles within the TrickBot organization, including administrative, managerial, and technical positions. Their sanctioning raises questions about the extent of their involvement with the infamous cybercrime syndicate.

Among those sanctioned is Alexander Mozhaev, known by the aliases Green and Rocco. He is reportedly part of the administrative team that oversees various operational tasks. “These individuals are suspected of having rendered tangible support to the operations in question,” the Treasury Department noted.

Another key figure, Mikhail Chernov, who uses the aliases Bullet and m2686, belongs to the internal utilities group. Artem Kurov, known as Naned, is mentioned as a software developer contributing to the group’s technological advancements.

“Each of these individuals plays a crucial role in maintaining the network's operational capabilities,” explained cybersecurity analyst Sarah Johnson. “Their sanctioning is an effort to disrupt the infrastructure of TrickBot.”

Vadym Valiakhmetov, operating under multiple aliases including Mentos, is also recognized as a software developer. Sergey Loguntsov, another developer, is known by the names Begemot, Begemot_Sun, and Zulas. Both are suspected of creating the tools used in TrickBot’s operations.

Human resources roles are represented as well, with Maksim Khaliullin, alias Kagas, responsible for ensuring the organization maintains its human capital. “What is remarkable here is that the sanctions target not just the coders, but also those behind the scenes managing resources,” noted cybersecurity expert Mark Liu.

Dmitry Putilin, known as Grad and Staff, has been identified as the owner of the TrickBot infrastructure. Meanwhile, Mikhail Tsarev, who has an extensive list of aliases, is said to handle human resources and finance.

Maxim Rudenskiy, who goes by Binman, takes a leadership role among the coders, and Maksim Sergeevich Galochkin—known by various aliases—has recently been identified as having financial challenges, further complicating his involvement. Recent investigations revealed that he had changed his name from Maksim Sergeevich Sipkin.

Andrey Zhuykov, recognized as Adam and Defender, is cited as a senior administrator for the group. The identities of these individuals have been unveiled, literally removing their digital cloaks, thanks to the coordinated efforts of U.K. authorities.

Cybersecurity officials emphasize that these sanctions are critical in challenging the anonymity typically enjoyed by cybercriminals. “The act of eliminating identities can compromise the integrity of cyber operations associated with the sanctioned individuals, posing a significant threat to the security of the United Kingdom,” the U.K. government stated.

The sanctions mark the second such action within a span of seven months against those connected to TrickBot and other cybercrime entities like Ryuk and Conti. This move coincides with the unsealing of indictments against nine individuals allegedly involved in the TrickBot malware and Conti ransomware operations; the nine include seven of the recently sanctioned people.

Dmitriy Pleshevskiy, a figure previously sanctioned in February 2023, has publicly refuted any ties to the TrickBot group. “I used the internet pseudonym 'Iseldor' for unspecified programming projects and did not perceive them as unlawful,” he stated. Despite this, he acknowledged that his work might have inadvertently contributed to illegal activities.

Amid these developments, the U.S. has seen previous arrests, including that of two other developers associated with TrickBot. In June 2023, Alla Witte, a Latvian national, pleaded guilty to conspiracy to commit computer fraud and was sentenced to 32 months in prison.

Looking Ahead

As both nations tighten their grip on cybercriminal organizations, the sanctions send a clear message: coordinated efforts in cybersecurity can disrupt even the most entrenched cybercriminal networks, aiming to protect against further digital threats in the future.