European and North American cybercrime investigators said they have dismantled the heart of a malware operation directed by Russian criminals after a global operation involving British, Canadian, Danish, Dutch, French, German and US police.
International arrest warrants have been issued for 20 suspects, most of them living in Russia, by European investigators, while indictments were unsealed in the US against 16 people.
Those charged include the alleged leaders of the Qakbot and Danabot malware operations, among them Rustam Rafailevich Gallyamov, 48, who lives in Moscow, and Aleksandr Stepanov, 39, AKA JimmBee, and Artem Aleksandrovich Kalinkin, 34, AKA Onix, both of Novosibirsk, Russia, the US Department of Justice said.
Cyberattacks, whether aimed at destabilizing governments or at simple theft and blackmail, are becoming increasingly pernicious. The high-street retailer Marks & Spencer is one of the most high-profile and recent victims in the UK this month.
The Europeans, led by the German crime agency, Bundeskriminalamt (BKA), released public appeals in their attempts to track down 18 suspects believed to be involved in the Qakbot malware family, along with a third malware known as Trickbot.
BKA and its international counterparts said the majority of the suspects were Russians. The Russian national Vitalii Nikolayevich Kovalev, 36, already wanted in the US, is one of BKA’s most wanted.
He is allegedly behind Conti, considered to be the most professional and best-organized ransomware blackmail group in the world, with Kovalev described as one of the “most successful blackmailers in the history of cybercrime” by German investigators.
BKA said that, using the pseudonyms Stern and Ben, he is claimed to have attacked hundreds of companies worldwide and extracted large ransom payments from them.
Kovalev, 36, from Volgorod, is believed to be living in Moscow, where several firms are registered in his name. He was identified by US investigators in 2023 as having been a member of Trickbot.
Investigators also believe he was at the helm of Conti and other blackmail groups, such as Royal and Blacksuit, founded in 2022. His own cryptowallet is said to be worth about 1 billion euros (US$1.1 billion).
BKA said that of the 37 perpetrators they identified, they had enough evidence to issue 20 arrest warrants.
The US attorney’s office in California unsealed the details of charges against 16 defendants who allegedly “developed and deployed the DanaBot malware.”
The criminal infiltrations into victims’ computers were “controlled and deployed” by a Russia-based cybercrime organization that has infected more than 300,000 computers around the world, particularly in the US, Australia, Poland, India and Italy.
It was advertised on Russian-language criminal forums and also had an “espionage variant used to target military, diplomatic, government and non-governmental organizations,” the indictment says.
“For this variant, separate servers were established, such that data stolen from these victims was ultimately stored in the Russian Federation,” it added.