CyberSecurity news
FlagThis - #danabot
|
@cyberscoop.com
//
Operation Endgame, a coordinated effort by Europol, Eurojust, and law enforcement agencies internationally, has successfully disrupted the DanaBot malware network. This operation has led to the neutralization of approximately 300 servers and 650 domains worldwide between May 19 and 22, 2025. The U.S. Department of Justice (DoJ) has unsealed charges against 16 individuals allegedly involved in the development and deployment of the DanaBot malware, which was controlled by a Russia-based cybercrime organization.
The DanaBot malware, initially identified in May 2018, operated as a malware-as-a-service (MaaS), renting its capabilities to other criminals. It infected over 300,000 computers globally, causing an estimated $50 million in damages through fraud and ransomware. The malware was versatile, stealing banking credentials, browsing history, and cryptocurrency wallet information, while also offering remote access, keylogging, and screen recording. Initial infections often occurred through spam emails containing malicious attachments or hyperlinks, turning infected computers into part of a botnet. Among those charged by the US Department of Justice are Aleksandr Stepanov, 39, and Artem Aleksandrovich Kalinkin, 34, both from Novosibirsk, Russia, who remain at large. The unsealed criminal complaint revealed that some of the defendants exposed their real-life identities by accidentally infecting their own systems with the malware. Operation Endgame also led to the issuance of international arrest warrants for 20 targets and the seizure of over EUR 21.2 million in cryptocurrency, including EUR 3.5 million during this latest action week.
Share:
References :
Classification:
@cyberscoop.com
//
A federal grand jury indictment unsealed today has charged 16 defendants who allegedly developed and deployed the DanaBot malware, a scheme that infected over 300,000 computers globally. The malware, controlled and deployed by a Russia-based cybercrime organization, facilitated fraud and ransomware attacks, causing at least $50 million in damage. Aleksandr Stepanov, 39, also known as “JimmBee,” and Artem Aleksandrovich Kalinkin, 34, also known as “Onix”, both of Novosibirsk, Russia are amongst those charged.
The DanaBot malware was distributed through spam email messages containing malicious attachments or hyperlinks. Once a computer was infected, it became part of a botnet, allowing operators to remotely control the compromised machines. The malware operated on a malware-as-a-service model, offering access to the botnet and support tools to clients for a fee. DanaBot had extensive capabilities, including stealing data, hijacking banking sessions, recording keystrokes, and providing full remote access to victim computers. In addition to the criminal charges related to DanaBot, the U.S. Department of Justice announced the seizure of internet domains tied to the LummaC2 information-stealing malware operation, which has been actively targeting U.S. critical infrastructure. The Cybersecurity and Infrastructure Security Agency (CISA) and the FBI have issued a joint advisory warning of these campaigns, which involve the deployment of the LummaC2 infostealer to breach networks and siphon off sensitive data. Microsoft independently took down 2,300 internet domains also used by the LummaC2 actors.
Share:
References :
Classification:
|