Central District of California | 16 Defendants Federally Charged in Connection with DanaBot Malware Scheme That Infected Computers Worldwide | United States Department of Justice

LOS ANGELES - A federal grand jury indictment and criminal complaint unsealed today charge 16 defendants who allegedly developed and deployed the DanaBot malware, which a Russia-based cybercrime organization controlled and deployed, infecting more than 300,000 victim computers around the world, facilitated fraud and ransomware, and caused at least $50 million in damage.

The defendants include Aleksandr Stepanov, 39, a.k.a. "JimmBee," and Artem Aleksandrovich Kalinkin, 34, a.k.a. "Onix," both of Novosibirsk, Russia. Stepanov was charged with conspiracy, conspiracy to commit wire fraud and bank fraud, aggravated identity theft, unauthorized access to a protected computer to obtain information, unauthorized impairment of a protected computer, wiretapping, and use of an intercepted communication.

Kalinkin was charged with conspiracy to gain unauthorized access to a computer to obtain information, to gain unauthorized access to a computer to defraud, and to commit unauthorized impairment of a protected computer. Both defendants are believed to be in Russia and are not in custody.

According to the indictment and complaint, DanaBot malware used a variety of methods to infect victim computers, including spam email messages containing malicious attachments or hyperlinks. Victim computers infected with DanaBot malware became part of a botnet (a network of compromised computers), enabling the operators and users of the botnet to remotely control the infected computers in a coordinated manner. The owners and operators of the victim computers are typically unaware of the infection.

The DanaBot malware allegedly operated on a malware-as-a-service model, with the administrators leasing access to the botnet and support tools to client co-conspirators for a fee that was typically several thousand dollars a month. The DanaBot malware was multi-featured and had extensive capabilities to exploit victim computers. It could be used to steal data from victim computers and to hijack banking sessions, steal device information, user browsing histories, stored account credentials, and virtual currency wallet information.

DanaBot also had the capability to provide full remote access to victim computers, to record keystrokes, and to record videos showing the activity of users on victim computers. DanaBot has further been used as an initial means of infection for other forms of malware, including ransomware. The DanaBot malware has infected over 300,000 computers around the world and caused damage estimated to exceed $50 million.

DanaBot administrators operated a second version of the botnet that was used to target victim computers in military, diplomatic, government, and related entities. This version of the botnet recorded all interactions with the computer and sent stolen data to a different server than the fraud-oriented version of DanaBot. This variant was allegedly used to target diplomats, law enforcement personnel, and members of the military in North America and Europe.

"Pervasive malware like DanaBot harms hundreds of thousands of victims around the world, including sensitive military, diplomatic, and government entities, and causes many millions of dollars in losses," said United States Attorney Bill Essayli for the Central District of California. "The charges and actions announced today demonstrate our commitment to eradicating the largest threats to global cybersecurity and pursuing the most malicious cyber actors, wherever they are located."

"The enforcement actions announced today, made possible by enduring law enforcement and industry partnerships across the globe, disrupted a significant cyber threat group who were profiting from the theft of victim data and the targeting of sensitive networks," said Special Agent in Charge Kenneth DeChellis of the Department of Defense Office of Inspector General, Defense Criminal Investigative Service (DCIS), Cyber Field Office. "The DanaBot malware was a clear threat to the Department of Defense and our partners. DCIS will vigorously defend our infrastructure, personnel, and intellectual property."

"Today's announcement represents a significant step forward in the FBI's ongoing efforts to disrupt and dismantle the cybercriminal ecosystem that wreaks havoc on global digital security," said Special Agent in Charge Rebecca Day of the FBI Anchorage Field Office. "We are grateful for the coordinated efforts of our domestic and international law enforcement partners in holding cyber criminals accountable, no matter where they operate."

An indictment is merely an allegation. All defendants are presumed innocent until proven guilty beyond a reasonable doubt in a court of law.

If convicted, Kalinkin would face a statutory maximum sentence of 72 years in federal prison, and Stepanov would face a statutory maximum sentence of five years in federal prison.

As part of today's operation, Defense Criminal Investigative Service (DCIS) agents effected seizures and takedowns of DanaBot command and control servers, including dozens of virtual servers hosted in the United States. The U.S. government is now working with partners, including the Shadowserver Foundation, to notify DanaBot victims and help remediate infections.

These law enforcement actions were taken in conjunction with Operation Endgame, an ongoing, coordinated effort among international law enforcement agencies aimed at dismantling and prosecuting cybercriminal organizations around the world.

Amazon, Crowdstrike, ESET, Flashpoint, Google, Intel 471, Lumen, PayPal, Proofpoint, Spycloud, Team CYMRU, and ZScaler provided valuable assistance.

The investigation into DanaBot was led by the FBI's Anchorage Field Office and the Defense Criminal Investigative Service, working closely with Germany's Bundeskriminalamt (BKA), the Netherlands National Police, and the Australian Federal Police. The Justice Department's Office of International Affairs provided significant assistance.

Assistant United States Attorney Aaron Frumkin of the Cyber and Intellectual Property Crimes Section is prosecuting these cases. Assistant United States Attorney James E. Dochterman of the Asset Forfeiture and Recovery Section is handling the forfeiture case.

Ciaran McEvoy
Public Information Officer
ciaran.mcevoy@usdoj.gov
(213) 894-4465