“LOS ANGELES – A federal grand jury indictment and criminal complaint unsealed today charge 16 defendants who allegedly developed and deployed the DanaBot malware which a Russia-based cybercrime organization controlled and deployed, infecting more than 300,000 victim computers around the world, facilitated fraud and ransomware, and caused at least $50 million in damage.”
“The defendants include Aleksandr Stepanov, 39, a.k.a. ‘JimmBee,’ and Artem Aleksandrovich Kalinkin, 34, a.k.a. ‘Onix,’ both of Novosibirsk, Russia. Stepanov was charged with conspiracy, conspiracy to commit wire fraud and bank fraud, aggravated identity theft, unauthorized access to a protected computer to obtain information, unauthorized impairment of a protected computer, wiretapping, and use of an intercepted communication.”
“Kalinkin was charged with conspiracy to gain unauthorized access to a computer to obtain information, to gain unauthorized access to a computer to defraud, and to commit unauthorized impairment of a protected computer. Both defendants are believed to be in Russia and are not in custody.”
“According to the indictment and complaint, DanaBot malware used a variety of methods to infect victim computers, including spam email messages containing malicious attachments or hyperlinks. Victim computers infected with DanaBot malware became part of a botnet (a network of compromised computers), enabling the operators and users of the botnet to remotely control the infected computers in a coordinated manner. The owners and operators of the victim computers are typically unaware of the infection.”
“The DanaBot malware allegedly operated on a malware-as-a-service model, with the administrators leasing access to the botnet and support tools to client coconspirators for a fee that was typically several thousand dollars a month. The DanaBot malware was multi-featured and had extensive capabilities to exploit victim computers. It could be used to steal data from victim computers, and to hijack banking sessions, steal device information, user browsing histories, stored account credentials, and virtual currency wallet information.”
“DanaBot also had the capability to provide full remote access to victim computers, to record keystrokes, and record videos showing the activity of users on victim computers. DanaBot has further been used as an initial means of infection for other forms of malware, including ransomware. The DanaBot malware has infected over 300,000 computers around the world, and caused damage estimated to exceed $50 million.”
“DanaBot administrators operated a second version of the botnet that was used to target victim computers in military, diplomatic, government, and related entities. This version of the botnet recorded all interactions with the computer and sent stolen data to a different server than the fraud-oriented version of DanaBot. This variant was allegedly used to target diplomats, law enforcement personnel, and members of the military in North America and Europe.”
“If convicted, Kalinkin would face a statutory maximum sentence of 72 years in federal prison, and Stepanov would face a statutory maximum sentence of five years in federal prison.”
“As part of today’s operation, Defense Criminal Investigative Service (DCIS) agents effected seizures and takedowns of DanaBot command and control servers, including dozens of virtual servers hosted in the United States. The U.S. government is now working with partners including the Shadowserver Foundation to notify DanaBot victims and help remediate infections.”
“These law enforcement actions were taken in conjunction with Operation Endgame, an ongoing, coordinated effort among international law enforcement agencies aimed at dismantling and prosecuting cybercriminal organizations around the world.”
“Amazon, CrowdStrike, ESET, Flashpoint, Google, Intel 471, Lumen, PayPal, Proofpoint, SpyCloud, Team Cymru, and Zscaler provided valuable assistance.” (Source: US Department of Justice)