Global law enforcement action against predominantly Russian cybercriminals


Global Takedown of Primarily Russian Cybercriminals: Key Details

In a significant crackdown on cybercrime, participating nations reportedly took control of around 300 servers worldwide, with approximately 50 of these situated in Germany. Moreover, over 650 internet domains were neutralized, considerably weakening the technical infrastructure of the perpetrators. Notably, law enforcement also confiscated cryptocurrency valued at roughly €3.5 million at the time.

The operation, dubbed "Operation Endgame," was initiated by Germany in 2022. Holger Münch, BKA (Federal Criminal Police Office) President, stated, "Our strategies in the supposedly anonymous darknet are effective," highlighting the significance these measures hold for cybersecurity.

Germany's General Prosecutor's Office Frankfurt and several international partners, including the Netherlands, Denmark, the United Kingdom, Canada, the USA, France, Europe, and the UK's National Crime Agency, collaborated in this operation.

Investigations are ongoing in Germany, focusing on suspected organized extortion and membership in a foreign criminal organization. In Germany alone, international arrest warrants have been issued for 20 suspects, most of whom are Russian.

The targeted cybercriminals are believed to be linked to various malware families, such as Trickbot, Qakbot, Bumblebee, Latrodectus, Hijackloader, and Warmcookie. One of the suspects, Rustam Rafailevich Gallyamov, a 48-year-old from Moscow, is federally indicted in the United States for allegedly leading the cybercriminal group behind Qakbot.

Another federal indictment charges 16 Russians with developing and deploying the DanaBot malware, a threat neutralized during the operation. The operation has resulted in the takedown of significant infrastructure, including 50 servers in Germany and 650 malicious domains globally.

While the full names of all 20 suspects have not been disclosed, the group primarily comprises Russian nationals involved in developing and operating some of the most infamous malware strains used in ransomware and cybercrime campaigns worldwide. The operation severely disrupted their command and control infrastructure and froze Bitcoin wallets valued at approximately 3.5 million euros.

The crackdown on cybercriminals, known as "Operation Endgame," involved EC countries such as Germany, the Netherlands, Denmark, the United Kingdom, Canada, the USA, France, and others. This operation targeted Russian cybercriminals who were developing and deploying malware families like Trickbot, Qakbot, and DanaBot, with a focus on cybersecurity and technology.

The Bulgarian Karlos clique, believed to be responsible for creating DanaBot malware, was also neutralized in this operation, demonstrating the wide-ranging impact of this international cooperation on crime-and-justice issues related to cybersecurity.
