Investigators bust Russian hacking ring behind 300K+ global infections

The Guardian reported the information.

According to the report, law enforcement officers from Great Britain, the USA, Canada, Germany, France, Denmark, and the Netherlands participated in the large-scale operation.

According to the investigation, hackers from Russia and related structures infected more than 300,000 devices in the USA, Europe, Australia, Poland, India, and Italy. The cybercriminals' goal was to steal data, blackmail, and conduct cyber espionage against governmental, diplomatic, and military institutions. Some of the stolen information was stored on servers in Russia.

International investigators have identified 37 individuals, and international arrest warrants have been issued for 20 of them. The United States has also brought charges against 16 hackers, including the organizers of the Qakbot and Danabot malicious networks.

In particular, the suspects include Rustam Gallyamov from Moscow, Aleksandr Stepanov (pseudonym JimmBee) and Artem Kalinkin (Onix) from Novosibirsk, as well as Ukrainian Roman Prokop, who is considered a member of Qakbot. International investigators stated that most of the suspects are Russian citizens.

Investigators are paying particular attention to Russian Vitaly Kovalev, who, according to German police, is behind the Conti group. German investigators call him one of the most successful blackmailers in the history of cybercrime.

Operation Endgame, led by Germany, has been ongoing since 2022. Despite the low probability of extradition of the individuals from Russia or the UAE, German investigators say that their identification and exposure have already dealt a powerful blow to the cybercrime network.

• Recently, the British Legal Aid Agency reported a cyberattack that resulted in the leakage of a "significant amount" of personal data, including criminal records of people who have applied for legal aid since 2010.