Tuesday, June 3, 2025

Global Operation Takes Down Russian-Linked Cybercrime Network

European and North American cybercrime investigators report that they have taken down the core of a malware network run by Russian criminals, following a coordinated international operation involving law enforcement from the UK, Canada, Denmark, the Netherlands, France, Germany, and the United States.

While charges against 16 people were unsealed in the US, European investigators have issued international arrest warrants for 20 suspects, the majority of whom reside in Russia.

According to the US Department of Justice, those charged include the alleged leaders of the Qakbot and Danabot malware operations, including Moscow-based Rustam Rafailevich Gallyamov, 48, and Novosibirsk, Russia-based Aleksandr Stepanov, 39, also known as JimmBee, and Artem Aleksandrovich Kalinkin, 34, also known as Onix.

Cyberattacks that try to topple countries or just commit theft and extortion are getting more and more heinous. One of the most well-known and recent victims in the UK this month is the high-street shop Marks & Spencer.

In an effort to find 18 persons thought to be connected to the Qakbot malware family and a third spyware known as Trickbot, the Europeans, led by the German crime agency, Bundeskriminalamt (BKA), issued public appeals.

The bulk of the suspects, according to the BKA and its foreign colleagues, were Russian nationals. One of the BKA's most wanted is 36-year-old Vitalii Nikolayevich Kovalev, a Russian national who is already wanted in the US.

German police have called Kovalev one of the “most successful blackmailers in the history of cybercrime.” He is apparently the mastermind behind Conti, which is regarded as the most professional and well-organized ransomware blackmail gang in the world.

According to BKA, he is accused of attacking hundreds of businesses globally and demanding hefty ransom payments from them using the aliases Stern and Ben.

The 36-year-old Volgorod native Kovalev is said to reside in Moscow, where a number of businesses are established under his name. In 2023, US investigators discovered that he was a member of Trickbot.

Additionally, investigators now think he was in charge of Conti and other blackmail organizations like Royal and Blacksuit (established in 2022). The estimated value of his personal cryptocurrency wallet is €1 billion.

BKA and its overseas partners claimed they had sufficient evidence to issue 20 arrest warrants for the 37 offenders they had identified.

At the same time, the accusations against 16 individuals who allegedly “developed and deployed the DanaBot malware” were made public by the US attorney’s office in California.

A Russian cybercrime organization that has infected over 300,000 computers worldwide, mostly in the US, Australia, Poland, India, and Italy, “controlled and deployed” the illegal infiltrations onto the victims’ systems.

According to the indictment, it was promoted on Russian-language criminal forums and included an “espionage variant used to target military, diplomatic, government and non-governmental organizations.”

“For this variant, separate servers were established, such that data stolen from these victims was ultimately stored in the Russian federation.”

According to the BKA, Roman Mikhailovich Prokop, a 36-year-old Ukrainian who speaks Russian and is suspected of being a member of Qakbot, is also on Europe's most-wanted list as a result of the German operation.

In 2022, the German government launched Operation Endgame. Holger Münch, the president of the BKA, stated that cybercriminals specifically target Germany.

In particular, BKA is looking into the suspects’ participation in a criminal organization with headquarters abroad, their engagement in gang-related crimes, and their involvement in commercial extortion.

During the Covid pandemic, the Conti gang increased its assaults and concentrated on US hospitals between 2010 and 2022. A $10 million reward had been offered by US authorities to anyone who could help them locate its leaders.

Some suspects operate in Dubai, while the majority are in Russia. Münch stated that although it was doubtful that they would be extradited to the US or Europe, their identification was important and detrimental to them.

“With Operation Endgame 2.0, we have once again demonstrated that our strategies work – even in the supposedly anonymous darknet.”
