Cybercrime investigators from Europe and North America have announced the dismantling of a major malware operation run by Russian criminals, following extensive collaboration with law enforcement agencies from the UK, Canada, Denmark, the Netherlands, France, Germany, and the US.
International arrest warrants have been issued for 20 suspects, with charges against 16 individuals sealed by European investigators based in Russia.
The operation also involves the leaders of the infamous Qakbot and Danabot malware operations, Rustam Rafailevich Gallyamov, 48, known as Jimmbee, and Artem Aleksandrovich Kalinkin, 34, known as Onix, according to the US Department of Justice.
Cyberattacks aimed at government destabilization, financial theft, or phishing emails are becoming increasingly severe. Recently, high street retailer Marks & Spencer fell victim to such an attack in the UK.
The German crime agency, the Bundeskriminalamt (BKA), has launched a public appeal to locate 18 suspects allegedly linked to the Qakbot malware family as well as another malware known as Trickbot.
The BKA and its international partners report that many of the suspects are Russian nationals. Among them is Vitalii Nikolayevich Kovalev, 36, who has already been indicted in the US, and is among the BKA’s most wanted individuals.
Kovalev is believed to be behind the Conti group, which is regarded as one of the most sophisticated and organized ransomware syndicates. German investigators describe him as “one of the most notorious and successful email attackers in the history of cybercrime.”
Using aliases like Stern and Ben, the BKA alleges he has targeted hundreds of companies globally, extracting significant ransom payments.
Kovalev, 36, originally from Volgorod, is thought to reside in Moscow, where several companies are registered under his name. In 2023, US investigators identified him as a member of Trickbot.
Authorities also believe he leads other criminal groups, including Conti, Royal, and Blacksuit (established in 2022). His crypto wallet reportedly holds approximately 1 billion euros.
The BKA, along with its international partners, has determined that there is enough evidence to issue 20 arrest warrants for 37 individuals involved.
A US law firm in California has sealed the details of charges against 16 defendants accused of “developing and deploying Danabot malware.”
The criminal activities targeting victims’ computers have been “managed and executed” by Russia-based cybercriminal organizations, which have infected over 300,000 computers globally, with significant incidents reported in the United States, Australia, Poland, India, and Italy.
The malware was advertised on a Russian criminal forum and has been linked to “espionage activities aimed at military, diplomatic, governmental, and non-governmental organizations.”
As a result of this variant, separate servers have been established for storing data stolen from these victims, presumably in the Russian Federation.
In Europe, the BKA’s most wanted list includes Roman Mikhailovich Procop, a 36-year-old Russian-speaking Ukrainian, who is suspected to be associated with Qakbot.
Operation Endgame was initiated by German authorities in 2022. BKA President Holger Münch has stated that Germany is a significant target for cybercriminals.
The BKA is specifically investigating the alleged involvement of suspects in gang-related activities and commercial terrorism, along with their association with transnational criminal organizations.
Between 2010 and 2022, the Conti Group primarily targeted US hospitals, with a noticeable increase in attacks during the COVID pandemic. US authorities have offered a reward of $10 million for information leading to their capture.
Most suspects are believed to be operating within Russia, though some may also be active in Dubai. While Münch noted that extradition to Europe or the US is unlikely, their identities remain crucial in the ongoing investigations.
“We have once again demonstrated that our strategy can be effective even in the anonymous darknets with Operation Endgame 2.0.”
Source: www.theguardian.com