International Law Enforcement Agencies Unite to Take Down Malware Operations

In a major breakthrough, European and North American cybercrime investigators have dismantled the heart of a malware operation directed by Russian criminals, issuing international arrest warrants for 20 suspects, most of whom are living in Russia. The operation, led by the German crime agency, Bundeskriminalamt (BKA), involved British, Canadian, Danish, Dutch, French, German, and US police, and was the result of a global investigation that spanned several years.

The suspects include the alleged leaders of the Qakbot and DanaBot malware operations, among them Rustam Rafailevich Gallyamov, 48, who lives in Moscow, as well as Aleksandr Stepanov, 39, also known as JimmBee, and Artem Aleksandrovich Kalinkin, 34, also known as Onix, both of Novosibirsk, Russia. The US Department of Justice has also unsealed indictments against 16 individuals, including the alleged leaders of the DanaBot malware operation.

The malware operations, including Qakbot, DanaBot, and Trickbot, have been responsible for infecting over 300,000 computers worldwide, particularly in the US, Australia, Poland, India, and Italy. The malware was advertised on Russian-language criminal forums and had an espionage variant used to target military, diplomatic, government, and non-governmental organizations.

The operation, code-named “Endgame,” was instigated by the German authorities in 2022, and was a significant blow to the cybercrime network. The BKA president, Holger Münch, said that Germany was a particular focus of cybercriminals, and that the operation demonstrated that law enforcement strategies can be effective even in the darknet.

The suspects are believed to be operating in Russia, with some also based in Dubai, and their extradition to Europe or the US is unlikely. However, their identification is significant and damaging to them, and marks a major victory for international law enforcement agencies in their efforts to combat cybercrime.

The operation highlights the growing threat of cybercrime, particularly in the form of malware operations that can destabilize governments or engage in simple theft and blackmail. The high-street retailer Marks & Spencer is one of the most recent victims in the UK, and the Europeans are leading the way in tracking down suspects believed to be involved in the Qakbot malware family.

The Conti group, considered to be the most professional and best-organized ransomware blackmail group in the world, was also targeted in the operation. The group’s leader, Vitalii Nikolayevich Kovalev, 36, is believed to be living in Moscow, and is described as one of the “most successful blackmailers in the history of cybercrime” by German investigators. Kovalev’s cryptowallet is said to be worth about €1bn.

The operation is a significant step forward in the fight against cybercrime, and demonstrates the effectiveness of international cooperation in taking down malware operations.
