European and North American cybercrime investigators said they have dismantled the heart of a malware operation directed by Russian criminals after a global operation involving British, Canadian, Danish, Dutch, French, German and US police.
International arrest warrants have been issued for 20 suspects, most of them living in Russia, by European investigators, while indictments were unsealed in the US against 16 people.
Those charged include the alleged leaders of the Qakbot and Danabot malware operations, including Rustam Rafailevich Gallyamov, 48, who lives in Moscow and Aleksandr Stepanov, 39, AKA JimmBee, and Artem Aleksandrovich Kalinkin, 34, AKA Onix, both of Novosibirsk, Russia, the US Department of Justice said.
Photo: Reuters
Cyberattacks aimed at destabilizing governments or simple theft and blackmail are becoming increasingly pernicious. The high-street retailer Marks & Spencer is one of the most high-profile and recent victims in the UK this month.
The Europeans, led by the German crime agency, Bundeskriminalamt (BKA), released public appeals in their attempts to track down 18 suspects believed to be involved in the Qakbot malware family, along with a third malware known as Trickbot.
BKA and its international counterparts said the majority of the suspects were Russians. The Russian national Vitalii Nikolayevich Kovalev, 36, already wanted in the US, is one of BKA’s most wanted.
He is allegedly behind Conti, considered to be the most professional and best-organized ransomware blackmail group in the world, with Kovalev described as one of the “most successful blackmailers in the history of cybercrime” by German investigators.
Using the pseudonyms Stern and Ben, BKA said that he is claimed to have attacked hundreds of companies worldwide and extracted large ransom payments from them.
Kovolev, 36, from Volgorod, is believed to be living in Moscow, where several firms are registered in his name. He was identified by US investigators in 2023 as having been a member of Trickbot.
Investigators also believe he was at the helm of Conti and other blackmail groups, such as Royal and Blacksuit, founded in 2022. His own cryptowallet is said to be worth about 1 billion euros (US$1.1 billion)
BKA said that of the 37 perpetrators they identified, they had enough evidence to issue 20 arrest warrants.
The US attorney’s office in California unsealed the details of charges against 16 defendants who allegedly “developed and deployed the DanaBot malware.”
The criminal infiltrations into victims’ computers were “controlled and deployed” by a Russia-based cybercrime organization that has infected more than 300,000 computers around the world, particularly in the US, Australia, Poland, India and Italy.
It was advertised on Russian-language criminal forums and also had an “espionage variant used to target military, diplomatic, government and non-governmental organizations,” the indictment says.
“For this variant, separate servers were established, such that data stolen from these victims was ultimately stored in the Russian Federation,” it added.
Yemen’s separatist leader has vowed to keep working for an independent state in the country’s south, in his first social media post since he disappeared earlier this month after his group briefly seized swathes of territory. Aidarous al-Zubaidi’s United Arab Emirates (UAE)-backed Southern Transitional Council (STC) forces last month captured two Yemeni provinces in an offensive that was rolled back by Saudi strikes and Riyadh’s allied forces on the ground. Al-Zubaidi then disappeared after he failed to board a flight to Riyadh for talks earlier this month, with Saudi Arabia accusing him of fleeing to Abu Dhabi, while supporters insisted he was
‘SHOCK TACTIC’: The dismissal of Yang mirrors past cases such as Jang Song-thaek, Kim’s uncle, who was executed after being accused of plotting to overthrow his nephew North Korean leader Kim Jong-un has fired his vice premier, compared him to a goat and railed against “incompetent” officials, state media reported yesterday, in a rare and very public broadside against apparatchiks at the opening of a critical factory. Vice Premier Yang Sung-ho was sacked “on the spot,” the state-run Korean Central News Agency said, in a speech in which Kim attacked “irresponsible, rude and incompetent leading officials.” “Please, comrade vice premier, resign by yourself when you can do it on your own before it is too late,” Kim reportedly said. “He is ineligible for an important duty. Put simply, it was
The Chinese Embassy in Manila yesterday said it has filed a diplomatic protest against a Philippine Coast Guard spokesman over a social media post that included cartoonish images of Chinese President Xi Jinping (習近平). Philippine Coast Guard spokesman Jay Tarriela and an embassy official had been trading barbs since last week over issues concerning the disputed South China Sea. The crucial waterway, which Beijing claims historic rights to despite an international ruling that its assertion has no legal basis, has been the site of repeated clashes between Chinese and Philippine vessels. Tarriela’s Facebook post on Wednesday included a photo of him giving a
Syrian President Ahmed al-Sharaa on Sunday announced a deal with the chief of Kurdish-led forces that includes a ceasefire, after government troops advanced across Kurdish-held areas of the country’s north and east. Syrian Kurdish leader Mazloum Abdi said he had agreed to the deal to avoid a broader war. He made the decision after deadly clashes in the Syrian city of Raqa on Sunday between Kurdish-led forces and local fighters loyal to Damascus, and fighting this month between the Kurds and government forces. The agreement would also see the Kurdish administration and forces integrate into the state after months of stalled negotiations on
RSS