Feds Charge 16 Russians Allegedly Tied to Botnets Used in Ransomware, Cyberattacks, and Spying

The ecological system of infiltrators In Russia, more than anywhere in the world, it led to the lack of clarity of the lines between electronic crime, Cyberwarfare, and spying. Now, an indictment of a group of Russian citizens and the removal of sprawling robots provided a more clear example in how one malicious operation enables various piracy operations such as e -phone ransom in Ukraine, and spying against foreign governments.

The US Department of Justice announced today a criminal charges today against 16 individuals, and law enforcement authorities have linked the process of harmful programs known as Danabot, which was according to the complaint of at least 300,000 machines around the world. The Ministry of Justice announces the Group’s charges as “its headquarters in Russia”, and it calls two suspects, Alexander Stepanov and Artem Alexandrovich Kalinkin, as a living in Novosibirk, Russia. Five other suspects are named in the indictment, while only nine others are identified through their borrowed names. In addition to those charges, the Ministry of Justice says that the Defense Criminal Investigation Service (DCIS) – a criminal investigation arm of the Ministry of Defense – received seizures on Danabbut’s infrastructure around the world, including in the United States.

Regardless of the claim of how Danabbut is used in a profitable criminal piracy, the indictment also provides a rare claim-it describes how the second alternative to harmful programs that he says is used in spying against military and government targets and NGOs. “The harmful programs like Danabbot harm hundreds of thousands of victims around the world, including the sensitive military, diplomatic and government entities, and cause millions of dollars in losses,” said American lawyer Bill Islelli in a statement.

Since 2018, Danapot – who described him in the criminal complaint as “incredibly harmful software” – has been injured – millions of computers worldwide, at the beginning as a banking Trojan designed to theft directly from the owners of personal computers with normative features designed for credit card and cryptocurrency stealing. Since creators claim that they are in a “continued” model that made it available to other infiltrators’ groups in an amount ranging between 3000 and 4000 dollars per month, however, it was soon used as a tool to install various forms of harmful programs in a wide range of operations, including the ransom. Its goals have also spread quickly from the first victims in Ukraine, Poland, Italy, Germany, Austria and Australia to American and Canadian financial institutions, according to the analysis of the operation by Crowdstrike.

At one point in 2021, according to Crowdstrike, Danabot was used in the program supply of software supply that hides harmful programs in the Javascript Tool called NPM with millions of weekly downloads. Crowdstrike found the victims of this tool at risk through the financial, transportation, technology and media industries.

This scale and the wide range of its criminal uses made Danabot “tyrant of the electronic scene of crimes”, according to Selena Larson, a researcher threatening employees at the Cyber ​​Security Company.

More unique, though, Danabot was also used sometimes for piracy campaigns that seem sponsored by the state or associated with the interests of the Russian government agency. In 2019 and 2020, it was used to target a handful of Western government officials in clear espionage, according to the accusation of the Ministry of Justice. According to ProofPoint, harmful programs were delivered in those cases in the messages of Takhamid, which impersonated the personality of the Organization for Security and Cooperation in Europe and the entity of the Kazakhstan government.