On 9 February, the United States and United Kingdom took action via Executive Order 13757 to sanction seven members of Russia’s notorious hacker group Trickbot. The US Treasury Department denounced Trickbot, stating that “During the height of the COVID pandemic in 2020, Trickbot targeted hospitals and healthcare centers… [in] ransomware attacks.”

According to Darkreading, Trickbot began malware operations as a banking Trojan before expanding to other forms of malware. With tensions ever increasing due to the Russian invasion of Ukraine and seemingly countless sanctions already imposed on Russia, how much of a difference will this make? If Trickbot can hack into hospitals, it isn’t a giant leap for them to attempt to hack into a satellite ground station.

Back on the first day of the Ukrainian invasion, Russia is believed to have hacked into Viasat, a United States satellite communications provider.  While the sanction only denotes Trickbot as “Russia-based” and not “Russia-sponsored,” these sanctions don’t necessarily mean we are done seeing Trickbot attacks. Chief Intelligence Officer of Intel 471 Michael DeBolt says, “the source code [used in hacking] may be sold or leaked and other threat actors could re-use it.”  

https://www.darkreading.com/endpoint/trickbot-members-sanctioned-pandemic-era-ransomware-hits