Europol and German law enforcement have revealed the identities of eight cybercriminals linked to the various malware droppers and loaders disrupted as part of the Operation Endgame law enforcement operation.

Operation Endgame, announced by Europol yesterday, led to the seizure of 100 servers used in multiple malware operations, including IcedID, Pikabot, Trickbot, Bumblebee, Smokeloader, and SystemBC.

The law enforcement crackdown also involved four arrests, one in Armenia and three in Ukraine.

Yesterday, the Federal Criminal Police Office of Germany revealed the identities of eight cybercriminals of Russian descent, who are thought to have held central roles in the Smokeloader and Trickbot malware operations.

The identity and criminal profiles of the eight men are summarized as follows:

1. Airat Rustemovich Gruber: A 42-year-old Russian suspected of being the admin of the “Smokeloader” botnet. His activities include unauthorized access to hundreds of thousands of systems, data espionage, and installing third-party malware, including infostealers and ransomware, for profit. It is estimated that he generated over one million euros from these activities.
2. Oleg Vyacheslavovich Kucherov:  Also known as “gabr,” the 51-year-old Russian is implicated as a key member of the “Trickbot” group also known as “Wizard Spider,” engaging in infecting computer systems, stealing data, and using ransomware to extort victims.
3. Sergey Valerievich Polyak: A 34-year-old Russian, also known as “cypher,” was a member of the “Trickbot” group. He is suspected of searching for new victims and planning targeted cyberattacks.
4. Fedor Aleksandrovich Andreev: Known by aliases “azot” and “angelo,” is a 37-year-old Russian male who played a significant role in the “Trickbot” group, initially testing malware and later leading a team.
5. Georgy Sergeevich Tesman: Using the alias “core” the 25-year-old Russian contributed to the “Trickbot” group’s activities by acting as a crypter, ensuring malware evasion from antivirus detection.
6. Anton Alexandrovich Bragin: Known as “hector,” the 41-year-old Russian is suspected of contributing significantly to the “Trickbot” group’s activities by improving the admin panel used to manage the group’s criminal infrastructure.
7. Andrei Andreyevich Cherepanov: Using the aliases “fast” and “basil,” the 39-year-old Russian played a crucial role in the “Trickbot” group by developing a spam bot and later acting as a crypter to help the group evade antivirus detection.
8. Nikolai Nikolaevich Chereshnev: Known by the alias “biggie,” the 34-year-old Russian was involved in maintaining the VPN infrastructure for the “Trickbot” group and later acted as a crypter to ensure the malware remained undetected.

The authorities have no information about the current location and whereabouts of any of the eight cybercriminals.

However, they are believed to reside in the Russian Federation, except for Kucherov, who, according to the investigation, lives in the United Arab Emirates.

Europe’s Most Wanted portal, which now lists the eight cybercriminals, requests the public to contribute information about the whereabouts of these persons, communication details by people who contacted them recently, and additional information on their online presence.