Thanks to a large international operation, we have seen those leaders indicted. These guys are linked to an infamous cybercrime syndicate that releases Qakbot and Danabot malware. The indictment names Rustam Rafailevich Gallyamov, 48 of Moscow. It further implicates two members from Novosibirsk, 39-year-old Aleksandr Stepanov, aka JimmBee, and 34-year-old Artem Aleksandrovich Kalinkin, aka Onix.
The majority of these suspects are currently residing in Russia. Step forward, U.S. Department of Justice, which has charged 16 defendants. These actors have been associated with the development and distribution of DanaBot malware, which has caused disruption worldwide.
Gallyamov, Stepanov, and Kalinkin stand accused of orchestrating a global ransomware scheme that has significantly impacted computers across various countries. The Qakbot malware family has infected more than 300,000 computers around the world. The United States, Australia, Poland, India, and Italy have been the most severely impacted countries.
Vitalii Nikolayevich Kovalev, 36, is a Russian national caught up in this cybercrime conspiracy. He is already on the most wanted lists of both U.S. authorities and Germany’s Bundeskriminalamt (BKA)—their FBI. Kovalev is accused of being the mastermind behind Conti, one of the world’s most advanced ransomware criminal enterprises. Specifically, Conti targeted U.S. hospitals from 2010 to 2022, increasing its activities during the pandemic.
The recent report estimates that the value of Kovalev’s cryptowallet is about €1 billion, highlighting the scale of the financial operations and crime at stake. We know that law enforcement agencies are actively communicating and working together across borders. This unprecedented show of coordination is a clear indication of the growing danger that cybercriminal enterprises are to international security.
It cannot be overstated how much these indictments matter. Together, they provide important illustrations of international law enforcement’s commitment to the fight against cybercrime. The operation spotlights the cross-border collaboration required to disrupt networks that are leveraging new technology for their criminal enterprise.
“With Operation Endgame 2.0, we have once again demonstrated that our strategies work – even in the supposedly anonymous darknet.” – Holger Münch
The Qakbot and Danabot malware campaigns – the latter named after a culinary expert – are linked to various forms of cybercrime. We see them conducting ransomware attacks that expose sensitive data and extort organizations. These cyber activities represent a truly perilous attack—not only to life and limb, but to commerce and the physical infrastructure we depend on.
As investigations proceed, authorities are stressing the need for a global collaboration to combat cyber threats. These hostile malware operations are injurious to the cyber-maturity of individual victims. They break economies and undermine public faith in the digital infrastructure.
As investigations continue, authorities emphasize the importance of global cooperation in addressing cyber threats. The impact of these malware operations extends far beyond individual victims; it affects economies and undermines trust in digital systems.