Maxim Galochkin leads a double life in the shadow of the Darknet and the light of YouTube.
As a result of a months-long investigation conducted by WIRED, the secrets of the Trickbot extortion group were revealed. Based on the leaked documents, the journalists were able to reveal the identity of one of the key members of the group – Maxim Sergeevich Galochkin.
41-year-old Maxim Galochkin actively communicates on the Internet, sharing his thoughts on cryptocurrency, music and cinema. At first glance, he may seem like an ordinary office worker, but in reality he is a key member of the large cybercrime syndicate Trickbot. Inside the organization, colleagues know Galochkin under the pseudonyms Bentley and Manuel.
According to Wired, Galochkin was involved in Trickbot's financial transactions, subscriptions to services needed for attacks, and obfuscating (hiding) malicious code from antivirus programs. In addition, Galochkin previously had the surname Sipkin and supported the opposition. Later, he changed his last name to Galochkin and began to engage in cybercrime.
The hacker also expressed his ambition to become a millionaire and his desire to live in the United States or Europe. In one exchange with his colleagues, he boasted about his car, a Bentley Continental GT.
Researchers were able to determine the identity of the hacker after watching a video on a YouTube channel dedicated to cryptocurrencies. In this video, the author demonstrated his active account in the Jabber messenger. The same login was seen in the Bentley messages. After analyzing the information associated with the YouTube account, experts studied the use of similar usernames and passwords in other services. As a result, experts came to Maxim Galochkin from Abakan.
The investigation also uncovered the internal workings of the Trickbot syndicate, which made it possible to link key members of the syndicate to the broader cybercrime community and identify links to other criminal groups.
The investigation began in March 2022, when an account on the social network X called "Trickleaks" published the correspondence of approximately 35 members of the group. The information provided a unique insight into the size and structure of the Trickbot group, which researchers estimate at 100-400 people, making Trickbot one of the world's largest cybercriminal groups.
We also note that at the moment Galochkin has not been detained or charged with cybercrime. His current location is unknown.
In 2020, American law enforcement agencies, together with information security companies, disabled most of TrickBot's C&C infrastructure. Although the group lost 94% of its servers, the botnet survived and returned with new servers within a few days, and a few weeks later new attacks began. In February, after several months of downtime, the TrickBot botnet operators shut down their infrastructure.
In 2021, the US authorities charged and detained two TrickBot programmers, but the group's leadership remained intact. The group continued to function throughout 2021 until it became part of Conti and switched to a new code base.