CyberSecurity news

@cyberscoop.com //
Operation Endgame, a coordinated effort by Europol, Eurojust, and law enforcement agencies internationally, has successfully disrupted the DanaBot malware network. The operation neutralized approximately 300 servers and 650 domains worldwide between May 19 and 22, 2025. The U.S. Department of Justice (DoJ) has unsealed charges against 16 individuals allegedly involved in the development and deployment of the DanaBot malware, which was controlled by a Russia-based cybercrime organization.

The DanaBot malware, initially identified in May 2018, operated as a malware-as-a-service (MaaS) offering, renting its capabilities to other criminals. It infected over 300,000 computers globally, causing an estimated $50 million in damages through fraud and ransomware. The malware was versatile, stealing banking credentials, browsing history, and cryptocurrency wallet information, while also offering remote access, keylogging, and screen recording. Initial infections often occurred through spam emails containing malicious attachments or hyperlinks, and infected computers became part of a botnet.

Among those charged by the US Department of Justice are Aleksandr Stepanov, 39, and Artem Aleksandrovich Kalinkin, 34, both from Novosibirsk, Russia, who remain at large. The unsealed criminal complaint revealed that some of the defendants exposed their real-life identities by accidentally infecting their own systems with the malware. Operation Endgame also led to the issuance of international arrest warrants for 20 targets and the seizure of over EUR 21.2 million in cryptocurrency, including EUR 3.5 million during this latest action week.


References :
  • Threats | CyberScoop: DanaBot malware operation seized in global takedown
  • DataBreaches.Net: 16 Defendants Federally Charged in Connection with DanaBot Malware Scheme That Infected Computers Worldwide
  • hackread.com: Operation Endgame Takes Down DanaBot Malware, Neutralizes 300 Servers
  • The Hacker News: U.S. Dismantles DanaBot Malware Network, Charges 16 in $50M Global Cybercrime Operation
  • Help Net Security: DanaBot botnet disrupted, QakBot leader indicted
  • Risky Business Media: Risky Bulletin: DanaBot and Lumma Stealer taken down
Classification:
  • HashTags: #Cybercrime #DanaBot #OperationEndgame
  • Company: ESET
  • Target: Worldwide
  • Product: DanaBot
  • Feature: Botnet Disruption
  • Malware: DanaBot
  • Type: Malware
  • Severity: Major