Global Cybercrime Crackdown Targets Russian Hackers Behind Major Malware Attacks


In a major international crackdown, cybercrime investigators from Europe and North America say they have taken down a key part of a global malware network run by Russian criminals. The joint effort involved police from the UK, US, Canada, Germany, France, Denmark, and the Netherlands.

European authorities have issued arrest warrants for 20 suspects, most of them believed to be living in Russia. At the same time, US officials have charged 16 people, including the alleged leaders of the Qakbot and Danabot malware operations.

Those named include:

• Rustam Gallyamov (48) from Moscow

• Aleksandr Stepanov (39) a.k.a. JimmBee

• Artem Kalinkin (34) a.k.a. Onix – both from Novosibirsk

These individuals are accused of spreading malware that allowed criminals to steal money and data and to hold companies to ransom.

One of the most wanted suspects is Vitalii Kovalev (36), a Russian national already on the US most-wanted list. Investigators say he ran Conti, one of the world’s most powerful ransomware groups, and was behind hundreds of attacks targeting companies, especially in the US. His digital wallet is estimated to hold nearly €1 billion in cryptocurrency.

The German Federal Criminal Police (BKA), which led the operation named Endgame, said they identified 37 suspects and had enough evidence to issue 20 arrest warrants. The suspects are connected to three major malware strains: Qakbot, Danabot, and Trickbot.

The BKA also named a Ukrainian suspect, Roman Prokop (36), believed to be part of the Qakbot operation.

The malware targeted over 300,000 computers worldwide, including in the US, Australia, India, Poland, and Italy. In some cases, special versions were used to spy on government and military organizations, with stolen data sent to servers inside Russia.

German police chief Holger Münch said that while extraditing the suspects from Russia is unlikely, naming them is still a major blow to their operations.

“This shows that our strategies work, even on the dark web,” Münch said.

The Conti group was especially active between 2010 and 2022, hitting US hospitals hard during the COVID-19 pandemic. US authorities even offered a $10 million reward for information leading to its leaders.

Authorities say that while the suspects may remain out of reach for now, the operation has sent a strong message that cybercriminals can and will be tracked down.

