“Stern” Allegedly Biggest Ransomware Operator in EU Sanctions-Coordinated Global Cyber ​​Crackdown


chain analysis He noted that US, UK and European Union officials have imposed sanctions on a vast network of cybercriminals, government-linked hackers and their support infrastructure. This action stands out as one of the largest cyber enforcement operations to date, targeting organizations accused of causing billions of dollars in losses to businesses. infrastructureand governments around the world.

chain analysis He pointed out that at the center of the EU’s definitions is Russian citizen Vitaly Nikolayevich Kovalev, better known online by the nickname “Stern”.

Defined as key manager in Trickbot cyber crime organization, ass It reportedly received more than $300 million in cryptocurrency ransom payments through relevant wallets.

As explained in a blog post by chain analysisThis surprising personal post potentially positions him as the most prolific individual ransomware figure tracked to date.

Trickbot and its affiliates, including infamous variants like Conti and Ryuk, have long been associated with devastating attacks against healthcare providers, financial institutions, and other key industries.

Although Stern’s identified income exceeds $300 million, this amount reflects only his portion of the income.

The group’s general extortion activities generated much larger sums, highlighting the industrial scale of these operations.

blockchain The analysis shows that Stern’s wallets interact with multiple ransomware variants, including Diavol, Karakurt, Royal, 3AM, Quantum, and Bitpaymer, demonstrating his central role in the ecosystem.

Kovalev initially received approval WE and UK authorities in February 2023.

The final EU list is notable for its explicit reference to the name “Stern”.

These latest measures also bring the total number of patients. approved Following earlier actions targeting seven members in early 2023 and 11 later that year, individuals linked to Trickbot have grown to 19.

Internal documents obtained from the Conti leaks reportedly depict Stern in a leadership capacity with authority over budgeting, purchasing, hiring and operational planning, similar to a CEO in a criminal enterprise.

cryptocurrency The flows further highlight this hierarchy, revealing payments for the infrastructure and services that sustain the group’s operations.

Beyond individual operators, sanctions also cover the activation of services. U.S. Treasury Office of Foreign Assets Control (OFAC), along with crypto provider Yevgeniy Silayev, targeted First VPN Service (1VPNS) and its director Dmytro Rashevskyi.

These assets provided tools frequently used by ransomware actors across multiple blockchains.

This is as follows Europe Law enforcement operation that disrupted 1VPNS infrastructure in May 2026.

EU Developers affiliated with the LummaC2 spoofing malware-as-a-service platform, which is widely used to steal credentials and wallet data, were also identified.

Additional targets include Media Land LLC, a bulletproof hosting provider that has been linked to multiple ransomware gangs since 2016, and various Russian State actors from GRU Unit 29155 and pro-Russian hacktivist collectives such as CARR and Z-Pentest have been accused of attacking critical infrastructures.

This coordinated move signals a strategic evolution in efforts to combat cybercrime: Moving beyond frontline operators to dismantle supporting infrastructure—VPNshosting services, obfuscation tools, and payment facilitators allow these groups to thrive.

By tagging relevant cryptocurrency Addresses, blockchain analysis firms like Chainaliz allow organizations to screen for potential exposures and strengthen compliance.

International cooperation remains important cyber criminals Take advantage of jurisdictional gaps.

These sanctions are frozen assets and restrict cross-border transactions to disrupt cash flows and operational continuity. chain analysis concluded As ransomware threats continue to evolve, combining such actions with advanced on-chain monitoring provides a robust framework for mitigating global risks digital economy.





Source link

Leave a Reply

Your email address will not be published. Required fields are marked *