European and North American cybercrime investigators said they have dismantled the heart of a malware operation directed by Russian criminals after a global operation involving British, Canadian, Danish, Dutch, French, German and US police.
International arrest warrants have been issued for 20 suspects, most of them living in Russia, by European investigators, while indictments were unsealed in the US against 16 people.
Those charged include the alleged leaders of the Qakbot and Danabot malware operations, including Rustam Rafailevich Gallyamov, 48, who lives in Moscow and Aleksandr Stepanov, 39, AKA JimmBee, and Artem Aleksandrovich Kalinkin, 34, AKA Onix, both of Novosibirsk, Russia, the US Department of Justice said.
Photo: Reuters
Cyberattacks aimed at destabilizing governments or simple theft and blackmail are becoming increasingly pernicious. The high-street retailer Marks & Spencer is one of the most high-profile and recent victims in the UK this month.
The Europeans, led by the German crime agency, Bundeskriminalamt (BKA), released public appeals in their attempts to track down 18 suspects believed to be involved in the Qakbot malware family, along with a third malware known as Trickbot.
BKA and its international counterparts said the majority of the suspects were Russians. The Russian national Vitalii Nikolayevich Kovalev, 36, already wanted in the US, is one of BKA’s most wanted.
He is allegedly behind Conti, considered to be the most professional and best-organized ransomware blackmail group in the world, with Kovalev described as one of the “most successful blackmailers in the history of cybercrime” by German investigators.
Using the pseudonyms Stern and Ben, BKA said that he is claimed to have attacked hundreds of companies worldwide and extracted large ransom payments from them.
Kovolev, 36, from Volgorod, is believed to be living in Moscow, where several firms are registered in his name. He was identified by US investigators in 2023 as having been a member of Trickbot.
Investigators also believe he was at the helm of Conti and other blackmail groups, such as Royal and Blacksuit, founded in 2022. His own cryptowallet is said to be worth about 1 billion euros (US$1.1 billion)
BKA said that of the 37 perpetrators they identified, they had enough evidence to issue 20 arrest warrants.
The US attorney’s office in California unsealed the details of charges against 16 defendants who allegedly “developed and deployed the DanaBot malware.”
The criminal infiltrations into victims’ computers were “controlled and deployed” by a Russia-based cybercrime organization that has infected more than 300,000 computers around the world, particularly in the US, Australia, Poland, India and Italy.
It was advertised on Russian-language criminal forums and also had an “espionage variant used to target military, diplomatic, government and non-governmental organizations,” the indictment says.
“For this variant, separate servers were established, such that data stolen from these victims was ultimately stored in the Russian Federation,” it added.
Gaza is rapidly running out of its limited fuel supply and stocks of food staples might become tight, officials said, after Israel blocked the entry of fuel and goods into the war-shattered territory, citing fighting with Iran. The Israeli military closed all Gaza border crossings on Saturday after announcing airstrikes on Iran carried out jointly with the US. Israeli authorities late on Monday night said that they would reopen the Kerem Shalom crossing from Israel to Gaza yesterday, for “gradual entry of humanitarian aid” into the strip, without saying how much. Israeli authorities previously said the crossings could not be operated safely during
Hungarian authorities temporarily detained seven Ukrainian citizens and seized two armored cars carrying tens of millions of euros in cash across Hungary on suspicion of money laundering, officials said on Friday. The Ukrainians were released on Friday, following their detention on Thursday, but Hungarian officials held onto the cash, prompting Ukraine to accuse Hungary’s Russia-friendly government of illegally seizing the money. “We will not tolerate this state banditism,” Ukrainian Minister of Foreign Affairs Andrii Sybiha said. The seven detained Ukrainians were employees of the Ukrainian state-owned Oschadbank, who were traveling in the two armored cars that were carrying the money between Austria and
Kosovar President Vjosa Osmani on Friday after dissolving the Kosovar parliament said a snap election should be held as soon as possible to avoid another prolonged political crisis in the Balkan country at a time of global turmoil. Osmani said it is important for Kosovo to wrap up the upcoming election process and form functional institutions for political stability as the war rages in the Middle East. “Precisely because the geopolitical situation is that complex, it is important to finish this electoral process which is coming up,” she said. “It is very hard now to imagine what will happen next.” Kosovo, which declared
MORE BANS: Australia last year required sites to remove accounts held by under-16s, with a few countries pushing for similar action at an EU level and India considering its own ban Indonesia on Friday said it would ban social media access for children under 16, citing threats from online pornography, cyberbullying, online fraud and Internet addiction. “Accounts belonging to children under 16 on high-risk platforms will start to be deactivated, beginning with YouTube, TikTok, Facebook, Instagram, Threads, X, Bigo Live and Roblox,” Indonesian Minister of Communications and Digital Meutya Hafid said. “The government is stepping in so that parents no longer have to fight alone against the giants of the algorithm. Implementation will begin on March 28, 2026,” she said. The social media ban would be introduced in stages “until all platforms fulfill their
RSS