<
https://www.theguardian.com/technology/2025/may/23/russian-led-cybercrime-network-dismantled-in-global-operation>
"European and North American cybercrime investigators say they have dismantled
the heart of a malware operation directed by Russian criminals after a global
operation involving British, Canadian, Danish, Dutch, French, German and US
police.
International arrest warrants have been issued for 20 suspects, most of them
living in Russia, by European investigators while indictments were unsealed in
the US against 16 individuals.
Those charged include the alleged leaders of the Qakbot and Danabot malware
operations, including Rustam Rafailevich Gallyamov, 48, who lives in Moscow and
Aleksandr Stepanov, 39, AKA JimmBee and Artem Aleksandrovich Kalinkin, 34, AKA
Onix, both of Novosibirsk, Russia, the US Department of Justice said.
Cyber-attacks aimed at destabilising governments or simple theft and blackmail
are becoming increasingly pernicious. The high-street retailer Marks & Spencer
is one of the most high-profile and recent victims in the UK this month.
The Europeans led by the German crime agency, Bundeskriminalamt (BKA) released
public appeals in its attempts to track down 18 suspects believed to be
involved in the Qakbot malware family along with a third malware known as
Trickbot.
BKA and its international counterparts said the majority of the suspects were
Russian citizens. The Russian national Vitalii Nikolayevich Kovalev, 36,
already wanted in the US, is one of BKA’s most wanted.
He is allegedly behind Conti, considered to be the most professional and
best-organised ransomware blackmail group in the world with Kovalev described
as one of the “most successful blackmailers in the history of cybercrime” by
German investigators.
Using the pseudonyms Stern and Ben, BKA allege he is claimed to have attacked
hundreds of companies worldwide and extracted large ransom payments from them.
Kovolev, 36, from Volgorod, is believed to be living in Moscow, where several
firms are registered in his name. He was identified by US investigators in 2023
as having been a member of Trickbot.
Investigators now also believe he was at the helm of Conti and other blackmail
groups, such as Royal and Blacksuit (founded in 2022). His own cryptowallet is
said to be worth about €1bn.
BKA said, along with international partners, of the 37 perpetrators they
identified they had enough evidence to issue 20 arrest warrants."
Cheers,
*** Xanni ***
--
mailto:xanni@xanadu.net Andrew Pam
http://xanadu.com.au/ Chief Scientist, Xanadu
https://glasswings.com.au/ Partner, Glass Wings
https://sericyb.com.au/ Manager, Serious Cybernetics
