The infamous DanaBot botnet has been severely disrupted as part of an international law enforcement operation, which also involved charges and arrest warrants targeting more than a dozen individuals.
The takedown effort is part of Operation Endgame, which has previously targeted malware families such as Lumma Stealer, Smokeloader, TrickBot, and Bumblebee.
Europol announced that in the latest phase of Operation Endgame, which targeted DanaBot and other malware families that reemerged after earlier takedown efforts, authorities and private sector partners aimed to disrupt the ransomware kill chain at its source, taking down roughly 300 servers and 650 domains, with international arrest warrants issued for 20 individuals.
As part of Operation Endgame, law enforcement has seized a total of $24 million worth of cryptocurrency, including $4 million in the latest action.
The US Justice Department said on Thursday that the DanaBot botnet was disrupted after it ensnared more than 300,000 computers worldwide, facilitating fraud and ransomware attacks that caused losses of at least $50 million.
The DoJ has unsealed charges against 16 individuals accused of being involved in the development and deployment of DanaBot. The list includes key players Aleksandr Stepanov, 39, aka JimmBee, and Artem Aleksandrovich Kalinkin, 34, aka Onix, both of Novosibirsk, Russia.
Both remain at large, but if they are ever prosecuted in the United States, Kalinkin faces up to 72 years in prison for the charges brought against him, while Stepanov faces up to five years in prison.
Cybersecurity blogger Brian Krebs pointed out that Kalinkin is an IT engineer at the Russian state-owned energy giant Gazprom.
Court documents revealed that many of the cybercriminals were identified after they accidentally infected their own computers with the DanaBot malware.
DanaBot has been around since 2018. It initially targeted countries such as Ukraine, Poland, Austria, Italy, Germany and Australia, and quickly expanded to North America.
DanaBot, offered under a malware-as-a-service model, was initially a banking trojan, enabling its customers to steal sensitive data from infected systems. It later evolved into a distribution platform and loader for other malware families, including ransomware.
Several cybersecurity companies assisted the law enforcement action. According to Proofpoint, the malware was used by several major cybercrime groups between 2018 and 2020, being delivered primarily through malicious emails. In mid-2020, it disappeared from the email threat landscape, but a resurgence was observed in mid-2024.
Even while it was not being distributed via email campaigns, the malware was still used by cybercriminals, who leveraged malvertising and SEO poisoning for distribution.
CrowdStrike, which tracks the threat actor as Scully Spider, noted that the group's activities have been tolerated by the Russian government.
That is likely because, in addition to profit-driven cybercrime activities, some DanaBot sub-botnets have been used to support Russia's military operations, particularly against Ukraine, while other sub-botnets have been used for espionage on behalf of the Russian government.
The Justice Department noted that the botnet variant focused on espionage targeted diplomats, law enforcement personnel, and members of the military in North America and Europe.
Lumen Technologies, whose Black Lotus Labs assisted law enforcement, said DanaBot had, on average, 150 active command and control (C&C) servers per day, which makes it one of the largest malware-as-a-service platforms in terms of C&C count. Black Lotus Labs and Team Cymru have conducted research into the botnet's infrastructure.
“It remains to be seen whether Danabot can recover from the takedown,” said ESET researcher Tomáš Procházka. “The blow will, however, surely be felt, since law enforcement managed to unmask several individuals involved in the malware’s operations.”