Maksim Sergeevich Galochkin is a very connected guy. The 41-year-old sends messages to his colleagues day and night in his work chat. He complains about losing money trading cryptocurrencies, admits he’s “damn addicted” to Metallica, and agrees with a colleague that the thriller Police, hacker is a perfect movie for the weekend. Galochkin tells someone that he prefers working in the office and finds it easier to concentrate there; at home his wife scolds him. Oh, and he knows what he wants in life.
“I have big goals”
This is what he said to a colleague in September 2021: “I want to be rich, millionaire.” His more idealistic colleague replied that money was “a nonsense goal.” But Galochkin had a plan. “No,” he replied, “money is a means to get what I want.”
Galochkin may look like a typical office worker, but he is in the right profession to make a lot of money. According to several cybercrime investigators, he is a key member of the notorious Russian cybercriminal syndicate Trickbot, which has launched thousands of cyberattacks in recent years, crippling companies, hospitals and even governments around the world. At Trickbot, his colleagues know him by his online aliases: Bentley and Manuel.
How WIRED helped expose Trickbot’s Galochkin
Galochkin’s exposure follows a month-long WIRED investigation involving several Russian cybersecurity and cybercrime experts who link him to the alias Bentley. The analysis includes detailed evaluations of a huge amount of data that was leaked from the ransomware gang and published on the internet. The investigation also sheds more light on the inner workings of the Trickbot cybercriminal syndicate, connects its key players to the broader cybercrime landscape, and uncovers connections between these criminal gangs and the Russian government.
In March 2022, a Twitter account called “Trickleaks” published thousands of online chat logs from about 35 members of the group. The total size of the Trickbot group is difficult to estimate, but researchers put it at between 100 and 400 members. The anonymous leaker published 250,000 internal Trickbot messages and a number of self-compiled intelligence files that expose the people supposedly behind the gang. The cache includes real names, photos, social media accounts, passport numbers, phone numbers, places of residence and other personal information of the suspected gang members. It also includes 2,500 IP addresses, 500 cryptocurrency wallets, and thousands of domains and email addresses.
Taken together, the files form one of the largest data dumps from a group of cybercriminals. At the time of their release in early 2022, the Trickleaks files went largely unnoticed by the public, as global attention was focused on Russia’s large-scale invasion of Ukraine and on another major leak, from the Conti ransomware group, which researchers say has close ties to Trickbot.
The United States and the United Kingdom impose sanctions on 11 Russians linked to Trickbot
Trickleaks did not go unnoticed by law enforcement agencies around the world, particularly in the United States and the United Kingdom, which analyzed the data. Its release last year came as part of a concerted effort by these two countries to dismantle, name, shame and sanction Russian cybercriminals, including some members of Trickbot. Although such government investigations typically lag years behind current activity and require long-term strategic coordination, in this case the process moved more quickly.
For cybercriminals seeking anonymity, keeping their distance from their colleagues is crucial. But when they are texting each other throughout the day, even the most private and security-conscious people are likely to let slip some personal details. In Galochkin’s case, investigators said, these lapses inadvertently contributed to revealing his true identity.