How Does One Get Hired by a Top Cybercrime Gang?

2021-06-15 15:41

Just how did a self-employed web site designer and mother of two come to work for one of the world's most rapacious cybercriminal groups and then leave such an obvious trail of clues indicating her involvement with the gang? This post explores answers to those questions, as well as some of the ways Trickbot and other organized cybercrime gangs gradually recruit, groom and trust new programmers.

The DOJ alleges Witte was responsible for "Overseeing the creation of code related to the monitoring and tracking of authorized users of the Trickbot malware, the control and deployment of ransomware, obtaining payments from ransomware victims, and developing tools and protocols for the storage of credentials stolen and exfiltrated from victims infected by Trickbot."

Here's a snippet of translated instant message text between two of the unnamed Trickbot defendants, in which they discuss an applicant who understood immediately that he was being hired to help with cybercrime activity.

What about new hires that aren't hip to exactly how the programs they're being asked to create get used? Another source in the threat intelligence industry who has had access to the inner workings of Trickbot provided some additional context on how developers are onboarded into the group.

If the candidate is talented and industrious enough, someone in the Trickbot group will "Read in" the new recruit - i.e. explain in plain terms how their work is being used.

The hiring model adopted by Trickbot allows the gang to recruit a steady stream of talented developers cheaply and covertly.

News URL

https://krebsonsecurity.com/2021/06/how-does-one-get-hired-by-a-top-cybercrime-gang/

#cybercrime