The Trickbot ransomware gang’s secrets have been exposed through a WIRED investigation that unmasked one of its central members, Maksim Sergeevich Galochkin.
Galochkin, who uses the online handles “Bentley” and “Manuel,” is a key member of the notorious Russian cybercrime syndicate Trickbot. The investigation involves a cache of leaked data that includes chat logs, intelligence dossiers, real-world names, photos, and other personal details of alleged gang members.
The investigation has shed light on the inner workings of the Trickbot syndicate, revealing links between these criminal gangs and the Russian government.
The leaked data revealed that Galochkin, who may appear to be a typical office worker, is actively involved in Trickbot’s cybercriminal activities. He serves as a technical manager within the gang, overseeing the development of malware and ensuring it can evade security measures.
While his role is largely administrative, he has significant responsibility within the gang’s structure. The investigation highlights his connections within the Russian cybercriminal ecosystem and his collaborations with other Trickbot members, including the gang’s mysterious CEO-like figure known as Stern.
The investigation also draws attention to the complex relationship between Russian cybercriminals and the government. Russian cybercriminal groups, including Trickbot, have often operated with relative impunity, as long as they do not target Russian interests.
The leaked chat logs reveal discussions among gang members about their relationships with Russian law enforcement and intelligence agencies. Efforts to disrupt these groups have met with limited success, and the groups continue to thrive and adapt despite global law enforcement action.
The exposure of Trickbot’s activities and Galochkin’s identity underscores the challenges of tackling cybercrime, especially when it involves sophisticated criminal networks operating from countries with limited cooperation with international law enforcement agencies.
While naming and shaming cybercriminals might impact their reputation and community standing, truly dismantling these groups remains a complex task due to the intricate web of connections they maintain within the cybercriminal ecosystem and, in some cases, with government entities.