Feds Charge 16 Russians Allegedly Tied to Botnets Used in Cyberattacks and Spying
- On May 22, 2025, criminal charges were publicly announced against 16 Russian nationals accused of running the DanaBot malware operation from within Russia.
- The charges follow investigations revealing that DanaBot, active since 2018, spread globally, targeting financial institutions and sensitive military and government networks.
- DanaBot initially functioned as a banking trojan with modular capabilities to steal credentials and later evolved into an espionage tool used in multiple cybercrime operations including ransomware.
- Authorities seized DanaBot command servers worldwide, reducing active servers from about 30 to 2, with ongoing efforts complicated by servers hosted by Alibaba, supported by global law enforcement and tech firms.
- This disruption marks a significant step in Operation Endgame II, aiming to dismantle cybercriminal networks and highlights alleged Russian government involvement in using DanaBot for espionage.
24 Articles
24 Articles
International investigators, as part of a large-scale special operation, exposed and partially defused a Russian cybercriminal network that infected computers with Qakbot, Danabot, Conti and other malicious programs.
Feds charge 16 Russians allegedly tied to botnets used in cyberattacks and spying
The hacker ecosystem in Russia, more than perhaps anywhere else in the world, has long blurred the lines between cybercrime, state-sponsored cyberwarfare, and espionage. Now an indictment of a group of Russian nationals and the takedown of their sprawling botnet offers the clearest example in years of how a single malware operation allegedly enabled hacking operations as varied as ransomware, wartime cyberattacks in Ukraine, and spying against f…
DanaBot malware operation seized in global takedown
A global collection of private defenders and law enforcement agencies notched another win against a core facilitator for cybercrime, initiating coordinated seizures and takedowns of DanaBot’s command and control servers, disrupting the malware-as-a-service’s operations, the Justice Department said Thursday. Federal officials also unsealed a grand jury indictment and criminal complaint charging 16 individuals for their alleged involvement in the…

Oops: DanaBot Malware Devs Infected Their Own PCs
The U.S. government today unsealed criminal charges against 16 individuals accused of operating and selling DanaBot, a prolific strain of information-stealing malware that has been sold on Russian cybercrime forums since 2018. The FBI says a newer version of DanaBot was used for espionage, and that many of the defendants exposed their real-life identities after accidentally infecting their own systems with the malware. DanaBot’s features, as pro…
About this writes The Guardian.As noted, law enforcement officers from the UK, USA, Canada, Germany, France, Denmark and the Netherlands.According to the investigation, hackers from Russia and related structures infected more than 300 thousand devices in the USA, Europe, Australia, Poland, India and Italy. The purpose of the cyberattackers was to steal data, blackmail, as well as cyber espionage against government, diplomatic and military instit…
Coverage Details
Bias Distribution
- 80% of the sources are Center
To view factuality data please Upgrade to Premium