
The U.S. Department of Justice has unsealed charges against 16 individuals allegedly behind the DanaBot malware operation, a Russia-based cybercrime enterprise that infected over 300,000 computers worldwide and caused over $50 million in damages.
In a coordinated international effort dubbed Operation Endgame, U.S. law enforcement, in collaboration with agencies across Europe and Australia, dismantled the infrastructure behind DanaBot—a notorious malware-as-a-service platform used for banking fraud, credential theft, ransomware, and surveillance targeting diplomatic and military entities.
“Pervasive malware like DanaBot harms hundreds of thousands of victims around the world, including sensitive military, diplomatic, and government entities,” said U.S. Attorney Bill Essayli. “The charges and actions announced today demonstrate our commitment to eradicating the largest threats to global cybersecurity.”
Among the 16 defendants are Aleksandr Stepanov (a.k.a. “JimmBee”) and Artem Aleksandrovich Kalinkin (a.k.a. “Onix”), both residents of Novosibirsk, Russia. They face a sweeping list of charges including:
- Conspiracy to commit wire and bank fraud
- Aggravated identity theft
- Unauthorized access to protected computers
- Wiretapping
- Remote computer impairment
Kalinkin faces up to 72 years in federal prison if convicted, while Stepanov faces a maximum of five years.
“The DanaBot malware used a variety of methods to infect victim computers, including spam email messages containing malicious attachments or hyperlinks,” the indictment notes.
DanaBot functioned under a malware-as-a-service (MaaS) model. Administrators leased access to the botnet and toolkits for several thousand dollars per month, enabling client cybercriminals to:
- Steal banking credentials
- Hijack sessions and keystrokes
- Exfiltrate cryptocurrency wallets
- Record browsing activity and screenshots
- Deploy ransomware and remote access trojans (RATs)
The malware’s dual-purpose nature made it especially dangerous. One version of the botnet was geared toward financial fraud; a second version, operated by the same group, was aimed at high-value targets in military, diplomatic, and law enforcement sectors across North America and Europe.
“DanaBot also had the capability to provide full remote access to victim computers… and has further been used as an initial means of infection for other forms of malware, including ransomware,” the DOJ explained.
The FBI’s Anchorage Field Office and the Defense Criminal Investigative Service (DCIS) led the operation, working with Germany’s Bundeskriminalamt (BKA), the Netherlands National Police, and the Australian Federal Police. As part of the takedown, law enforcement seized command-and-control (C2) infrastructure, including dozens of U.S.-hosted virtual servers.
The U.S. government is now working with the Shadowserver Foundation and with technology and cybersecurity firms including Amazon, Google, Proofpoint, CrowdStrike, and others to notify victims and remediate infections.