CyberSecurity news

FlagThis - #danabot

@cyberscoop.com //
Operation Endgame, a coordinated effort by Europol, Eurojust, and law enforcement agencies internationally, has successfully disrupted the DanaBot malware network. This operation has led to the neutralization of approximately 300 servers and 650 domains worldwide between May 19 and 22, 2025. The U.S. Department of Justice (DoJ) has unsealed charges against 16 individuals allegedly involved in the development and deployment of the DanaBot malware, which was controlled by a Russia-based cybercrime organization.

The DanaBot malware, initially identified in May 2018, operated as a malware-as-a-service (MaaS), renting its capabilities to other criminals. It infected over 300,000 computers globally, causing an estimated $50 million in damages through fraud and ransomware. The malware was versatile, stealing banking credentials, browsing history, and cryptocurrency wallet information, while also offering remote access, keylogging, and screen recording. Initial infections often occurred through spam emails containing malicious attachments or hyperlinks, turning infected computers into part of a botnet.

Among those charged by the US Department of Justice are Aleksandr Stepanov, 39, and Artem Aleksandrovich Kalinkin, 34, both from Novosibirsk, Russia, who remain at large. The unsealed criminal complaint revealed that some of the defendants exposed their real-life identities by accidentally infecting their own systems with the malware. Operation Endgame also led to the issuance of international arrest warrants for 20 targets and the seizure of over EUR 21.2 million in cryptocurrency, including EUR 3.5 million during this latest action week.

Share: bluesky twitterx--v2 facebook--v1 threads


References :
  • Threats | CyberScoop: DanaBot malware operation seized in global takedown
  • DataBreaches.Net: 16 Defendants Federally Charged in Connection with DanaBot Malware Scheme That Infected Computers Worldwide
  • hackread.com: Operation Endgame Takes Down DanaBot Malware, Neutralizes 300 Servers
  • The Hacker News: U.S. Dismantles DanaBot Malware Network, Charges 16 in $50M Global Cybercrime Operation
  • Help Net Security: DanaBot botnet disrupted, QakBot leader indicted
  • Risky Business Media: Risky Bulletin: DanaBot and Lumma Stealer taken down
Classification:
@cyberscoop.com //
A federal grand jury indictment unsealed today has charged 16 defendants who allegedly developed and deployed the DanaBot malware, a scheme that infected over 300,000 computers globally. The malware, controlled and deployed by a Russia-based cybercrime organization, facilitated fraud and ransomware attacks, causing at least $50 million in damage. Aleksandr Stepanov, 39, also known as “JimmBee,” and Artem Aleksandrovich Kalinkin, 34, also known as “Onix”, both of Novosibirsk, Russia are amongst those charged.

The DanaBot malware was distributed through spam email messages containing malicious attachments or hyperlinks. Once a computer was infected, it became part of a botnet, allowing operators to remotely control the compromised machines. The malware operated on a malware-as-a-service model, offering access to the botnet and support tools to clients for a fee. DanaBot had extensive capabilities, including stealing data, hijacking banking sessions, recording keystrokes, and providing full remote access to victim computers.

In addition to the criminal charges related to DanaBot, the U.S. Department of Justice announced the seizure of internet domains tied to the LummaC2 information-stealing malware operation, which has been actively targeting U.S. critical infrastructure. The Cybersecurity and Infrastructure Security Agency (CISA) and the FBI have issued a joint advisory warning of these campaigns, which involve the deployment of the LummaC2 infostealer to breach networks and siphon off sensitive data. Microsoft independently took down 2,300 internet domains also used by the LummaC2 actors.

Share: bluesky twitterx--v2 facebook--v1 threads


References :
  • DataBreaches.Net: 16 Defendants Federally Charged in Connection with DanaBot Malware Scheme That Infected Computers Worldwide
  • The Register - Security: Suspected creeps behind DanaBot malware that hit 300K+ computers revealed
  • WIRED: Feds Charge 16 Russians Allegedly Tied to Botnets Used in Ransomware, Cyberattacks, and Spying
  • Threats | CyberScoop: DanaBot malware operation seized in global takedown
  • krebsonsecurity.com: Oops: DanaBot Malware Devs Infected Their Own PCs
  • Risky Business Media: Risky Bulletin: DanaBot and Lumma Stealer taken down
  • borncity.com: Operations Endgame, DanaBot-Net and Raptor disrupt infrastructure for ransomware attacks and more
  • hackread.com: Operation Endgame Takes Down DanaBot Malware, Neutralizes 300 Servers
  • The Hacker News: U.S. Dismantles DanaBot Malware Network, Charges 16 in $50M Global Cybercrime Operation
Classification:
  • HashTags: #DanaBot #Cybercrime #Malware
  • Company: DOJ
  • Target: Global Computer Systems
  • Attacker: Aleksandr Stepanov
  • Product: Information Stealing
  • Feature: Credential Theft
  • Malware: DanaBot
  • Type: Malware
  • Severity: Major