A Russian nationwide has been indicted within the US for main the cybercrime group behind the notorious Qakbot malware and botnet.
The person, Rustam Rafailevich Gallyamov, 48, allegedly “developed, deployed, and managed the Qakbot malware starting in 2008”.
Often known as Pinkslipbot and QBot, Qakbot was distributed by means of spam campaigns, hijacked electronic mail threads, or the exploitation of recognized vulnerabilities in internet-facing belongings.
In keeping with the newly unsealed indictment (PDF), beginning 2019, the Qakbot gang, led by Gallyamov, contaminated tons of of hundreds of computer systems worldwide, ensnaring them in a botnet.
Victims of the assaults included healthcare, insurance coverage, manufacturing, advertising and marketing, music, actual property, expertise, and telecommunications organizations within the US.
Gallyamov and his co-conspirators allegedly offered entry to Qakbot-infected machines to different cybercriminals, who deployed ransomware households similar to Black Basta, Cactus, Conti, Doppelpaymer, Egregor, Title Locker, Prolock, and REvil.
Gallyamov himself allegedly contaminated a few of the victims with the Black Basta and Cactus ransomware households.
“Ransomware victims have been then extorted by defendant Gallyamov and his coconspirators to pay ransoms to regain entry to and/or stop the dissemination of their non-public knowledge. Defendant Gallyamov and his coconspirators obtained a portion of any ransom paid,” the indictment reads.Commercial. Scroll to proceed studying.
In August 2023, legislation enforcement companies in a number of nations took down Qakbot’s infrastructure, disrupting the botnet and seizing tens of millions of {dollars} in cryptocurrency. Quickly after, nevertheless, the Qakbot gang was seen persevering with the deployment of ransomware and malware.
In keeping with the indictment, as of Could 2025, Gallyamov continues to interact in actions involving laptop hacking, malware deployment, knowledge theft, and extortion. As a substitute of utilizing a botnet, the cybercriminal has relied on ‘spam bombing’ to focus on sufferer organizations.
A civil forfeiture criticism (PDF) filed by the Division of Justice on Thursday reveals that, on April 25, 2025, pursuant to a seizure warrant, authorities seized an extra $4 million in cryptocurrency from Gallyamov. The US estimates that the illicit proceeds seized from Gallyamov are value over $24 million.
The actions in opposition to Gallyamov have been taken along side Operation Endgame, an ongoing worldwide legislation enforcement effort to disrupt cybercrime operations worldwide. This week, authorities introduced the takedown of DanaBot and Lumma Stealer as a part of Operation Endgame.
Associated: US Broadcasts Botnet Takedown, Fees Towards Russian Directors
Associated: US Indicts China’s iSoon ‘Hackers-for-Rent’ Operatives
Associated: US Fees Genesis Market Consumer
Associated: US Fees 5 Folks Over North Korean IT Employee Scheme