In the last six years, hacking gang Trickbot has stolen hundreds of millions of dollars.
And during that time, the leader of this Russian group — an enigmatic figure known as “Stern” — has remained unidentified. Until now.
As Wired reported Saturday (May 31), law enforcement in Germany now alleges that Stern’s is Vitaly Nikolaevich Kovalev, a 36-year-old Russian.
A recently issued Interpol red notice said that Kovalev is wanted in Germany for allegedly being the “ringleader” of a “criminal organisation,” the report added. But since he is in his home country, Wired added, he is protected from potential extradition.
“Stern’s naming is a significant event that bridges gaps in our understanding of Trickbot — one of the most notorious transnational cybercriminal groups to ever exist,” Alexander Leslie, a threat intelligence analyst at the security firm Recorded Future, told Wired.
“As Trickbot’s ‘big boss’ and one of the most noteworthy figures in the Russian cybercriminal underground, Stern remained an elusive character, and his real name was taboo for years.”
The report notes that Kovalev’s name and face may already be familiar to anyone following the Trickbot case, as he was sanctioned in 2023 by the U.S. and U.K. for his involvement as a senior member of the group.
He has also been charged with hacking linked to bank fraud allegedly carried out in 2010. However, in all of these instances, authorities linked Kovalev to the online handles “ben” and “Bentley,” without mentioning a connection to the Stern handle.
In other cybersecurity news, PYMNTS wrote last week about the surge in data breaches involving third parties like vendors, service providers, and platforms that handle customer or operational data.
A recent report from Verizon found that in 2023, just 15% of data breaches involved these third parties. That figure had doubled to 30% by last year.
“In 2021, there were 400 data breach lawsuits filed,” Philip Yannella, co-chair of the privacy, security, and data protection practice at Blank Rome and the author of “Cyber Litigation: Data Breach, Data Privacy & Digital Rights,” 2025 edition, said in an interview with PYMNTS. “Last year, there were over 2,000.”
“Data breaches are always the biggest danger, particularly for financial institutions … We’re going to go through a period where we see more breaches — potentially more expensive breaches — until companies can get their arms around how to deal with them,” Yannella added. “If you’re a bank, you’ve got to worry quite a bit about your vendors.”
