Feds Charge 16 Russians Allegedly Tied to Botnets Used in Ransomware, Cyberattacks, and Spying


The hacker ecosystem in Russia, more than perhaps anywhere else in the world, has long blurred the lines between cybercrime, state-sponsored cyberwarfare, and espionage. Now an indictment of a group of Russian nationals and the takedown of their sprawling botnet offers the clearest illustration in years of how a single malware operation allegedly enabled hacking operations as varied as ransomware, wartime cyberattacks in Ukraine, and spying against foreign governments.

The US Department of Justice today announced criminal charges against 16 individuals law enforcement authorities have linked to a malware operation known as DanaBot, which according to a complaint infected at least 300,000 machines around the world. The DOJ’s announcement of the charges describes the group as “Russia-based,” and names two of the suspects, Aleksandr Stepanov and Artem Aleksandrovich Kalinkin, as living in Novosibirsk, Russia. Five other suspects are named in the indictment, while another nine are identified only by their pseudonyms. In addition to those charges, the Justice Department says the Defense Criminal Investigative Service (DCIS)—a criminal investigation arm of the Department of Defense—carried out seizures of DanaBot infrastructure around the world, including in the US.

Aside from alleging how DanaBot was used in for-profit criminal hacking, the indictment also makes a rarer claim—it describes how a second version of the malware it says was used in espionage against military, government, and NGO targets. “Pervasive malware like DanaBot harms hundreds of thousands of victims around the world, including sensitive military, diplomatic, and government entities, and causes many millions of dollars in losses,” US attorney Bill Essayli wrote in a statement.

Since 2018, DanaBot—described in the criminal complaint as “incredibly invasive malware”—has infected millions of computers around the world, initially as a banking trojan designed to steal directly from those PCs' owners with modular features designed for credit card and cryptocurrency theft. Because its creators allegedly sold it in an “affiliate” model that made it available to other hacker groups for $3,000 to $4,000 a month, however, it was soon used as a tool to install other forms of malware in a wide array of operations, including ransomware. Its targets, too, quickly spread from initial victims in Ukraine, Poland, Italy, Germany, Austria, and Australia to US and Canadian financial institutions, according to an analysis of the operation by cybersecurity firm Crowdstrike.

At one point in 2021, according to Crowdstrike, DanaBot was used in a software supply-chain attack that hid the malware in a JavaScript coding tool called NPM with millions of weekly downloads. Crowdstrike found victims of that compromised tool across the financial services, transportation, technology, and media industries.

That scale and the wide variety of its criminal uses made DanaBot “a juggernaut of the e-crime landscape,” according to Selena Larson, a staff threat researcher at cybersecurity firm Proofpoint.

More uniquely, though, DanaBot has also been used at times for hacking campaigns that appear to be state-sponsored or linked to Russian government agency interests. In 2019 and 2020, it was used to target a handful of Western government officials in apparent espionage operations, according to the DOJ's indictment. According to Proofpoint, the malware in those instances was delivered in phishing messages that impersonated the Organization for Security and Cooperation in Europe and a Kazakhstan government entity.