CyberSecurity news

@cyberscoop.com //
A federal grand jury indictment unsealed today has charged 16 defendants who allegedly developed and deployed the DanaBot malware, a scheme that infected over 300,000 computers globally. The malware, controlled and deployed by a Russia-based cybercrime organization, facilitated fraud and ransomware attacks, causing at least $50 million in damage. Aleksandr Stepanov, 39, also known as “JimmBee,” and Artem Aleksandrovich Kalinkin, 34, also known as “Onix,” both of Novosibirsk, Russia, are among those charged.

The DanaBot malware was distributed through spam email messages containing malicious attachments or hyperlinks. Once a computer was infected, it became part of a botnet, allowing operators to remotely control the compromised machines. The malware operated on a malware-as-a-service model, offering access to the botnet and support tools to clients for a fee. DanaBot had extensive capabilities, including stealing data, hijacking banking sessions, recording keystrokes, and providing full remote access to victim computers.

In addition to the criminal charges related to DanaBot, the U.S. Department of Justice announced the seizure of internet domains tied to the LummaC2 information-stealing malware operation, which has been actively targeting U.S. critical infrastructure. The Cybersecurity and Infrastructure Security Agency (CISA) and the FBI have issued a joint advisory warning of these campaigns, which involve the deployment of the LummaC2 infostealer to breach networks and siphon off sensitive data. Microsoft independently took down 2,300 internet domains also used by the LummaC2 actors.

Classification:
  • HashTags: #DanaBot #Cybercrime #Malware
  • Company: DOJ
  • Target: Global Computer Systems
  • Attacker: Aleksandr Stepanov
  • Product: Information Stealing
  • Feature: Credential Theft
  • Malware: DanaBot
  • Type: Malware
  • Severity: Major