A major global cybercrime operation has been dealt a significant blow after an international operation led to the indictment of 16 individuals associated with a global cybercrime network using the infamous DanaBot banking malware, law enforcement authorities announced today.
Operation Endgame, an international law enforcement operation, has disrupted the infrastructure of GozNym, an international cybercriminal network responsible for the development, operation, and dissemination of a banking trojan by the same name that is believed to have stolen millions of dollars from its victims.
The indictment, which was unsealed by the U.S. Department of Justice, detailed that the 16 defendants allegedly created, spread, and controlled the DanaBot malware, which at its height compromised over 300,000 computers around the world.
The sophisticated malware-as-a-service (MaaS) scheme allowed cybercriminals to obtain sensitive information, compromise bank accounts and deploy ransomware.
In particular, one version of DanaBot was also used to target military, diplomatic and government organisations in Europe and North America for espionage.
The Russia-based cybercrime outfit responsible for DanaBot also rented out the malware and associated malspamming and support utilities to other crooks for a few thousand dollars per month, according to court documents.
The malware featured an expansive list of malicious functions, including keylogging and screen recording, and offered full remote control of infected systems. It was also used to deliver other malware, including many strains of ransomware.
Today’s announcement of the takedown follows a sprawling investigation by the FBI’s Anchorage Field Office and the Defense Criminal Investigative Service (DCIS), with critical support provided by international partners in Germany, the Netherlands, and Australia, and dozens of cybersecurity firms.
Two leading figures who officials believe are in Russia, Aleksandr Stepanov, 39, known as JimmBee, and Artem Aleksandrovich Kalinkin, 34, known as Onix, were indicted.
Although the individuals are not in custody, the charges demonstrate that international law enforcement remains determined to track down cyber-criminals.
“Global malware like DanaBot victimizes hundreds of thousands of people worldwide, including sensitive military, diplomatic and government targets, and costs millions of dollars in damages,” said United States Attorney Bill Essayli for the Central District of California.
“Today’s charges and seizures demonstrate the department’s commitment to unmasking the perpetrators behind these sophisticated attacks, and to holding them accountable wherever they are,” he said.
This takedown represents yet another major victory for Operation Endgame, an ongoing effort to identify and dismantle the global infrastructure of many of the most prevalent malware operations. Additional operations are anticipated to follow.
Cybersecurity researchers think that taking down the DanaBot network will cause a “fairly sizable” disruption in the cybercrime industry, because criminals will have to adjust their tactics, and because the takedown could erode trust in criminal communities.