
The Department of Justice (DoJ) is cracking down on cybercrime infrastructure, announcing on May 22 that it unsealed the charges against 16 individuals linked to the DanaBot malware scheme and indicted the alleged leader of the Qakbot malware conspiracy.
Both actions were taken in conjunction with “Operation Endgame,” which is a coordinated effort among international law enforcement agencies aimed at dismantling and prosecuting cybercriminal organizations around the world.
DanaBot Malware Scheme
DoJ announced that a Federal grand jury indictment and criminal complaint unsealed on May 22 charge 16 defendants who allegedly developed and deployed the DanaBot malware. The Russia-based cybercrime organization has infected over 300,000 victim computers worldwide and caused at least $50 million in damage.
The department said the defendants include Aleksandr Stepanov, a.k.a. “JimmBee,” and Artem Aleksandrovich Kalinkin, a.k.a. “Onix,” both of Novosibirsk, Russia.
“Pervasive malware like DanaBot harms hundreds of thousands of victims around the world, including sensitive military, diplomatic, and government entities, and causes many millions of dollars in losses,” said Bill Essayli, U.S. Attorney for the Central District of California. “The charges and actions announced today demonstrate our commitment to eradicating the largest threats to global cybersecurity and pursuing the most malicious cyber actors, wherever they are located.”
DanaBot malware used several methods to infect victim computers, including email messages containing malicious attachments or hyperlinks. The victims were typically unaware that their computers had been infected.
Qakbot Malware Scheme
In a separate action, the DoJ announced that a Federal indictment unsealed on May 22 charges Rustam Rafailevich Gallyamov – a Russian national residing in Moscow – with leading the group of cybercriminals who developed and deployed the Qakbot malware.
In connection with the charges, the DoJ filed a civil forfeiture complaint against over $24 million in cryptocurrency seized from Gallyamov over the course of the investigation.
According to the court documents, Gallyamov developed and controlled the Qakbot malware beginning in 2008. The malicious software infected thousands of computers, and Gallyamov allegedly provided access to co-conspirators who infected the computers with ransomware.
“The Justice Department’s latest actions to counter the Qakbot malware scheme sends a clear message to the cybercrime community,” said Matthew R. Galeotti, head of the DoJ’s Criminal Division. “We are determined to hold cybercriminals accountable and will use every legal tool at our disposal to identify you, charge you, forfeit your ill-gotten gains, and disrupt your criminal activity.”