DOJ charges man allegedly behind Qakbot malware


The alleged leader of the cybercriminal gang behind the Qakbot malware, which was used by many high-profile ransomware gangs, has been indicted by the U.S. Justice Department. 

Russian national Rustam Gallyamov, 48, allegedly created the software in 2008. Until its disruption, it was believed to have infected more than 700,000 computers.

In August 2023, the Justice Department announced a multinational operation involving France, Germany, the Netherlands, the United Kingdom, Romania and Latvia to take down the botnet and to delete its code from infected computers. 

According to the indictment, Gallyamov handed over access to victims’ devices to co-conspirators who infected computers with various strains of ransomware. In return, he was paid a portion of the collected funds. Victims included a Los Angeles dental office, a technology company from Nebraska, a manufacturer in Wisconsin and a Canadian real estate company, among others. 

Ransomware gangs including Conti, REvil, Black Basta and DoppelPaymer made use of the malware in their campaigns, according to the indictment.

After the Qakbot takedown, Gallyamov’s group allegedly shifted tactics, instead launching “spam bomb” attacks targeting employees at companies in order to trick them into granting access to networks. 

In conjunction with the indictment, the Justice Department also announced a civil forfeiture complaint on Thursday against funds seized from Gallyamov, which are worth more than $24 million.

The investigation was led by the FBI’s Los Angeles office, in partnership with investigators in Germany, the Netherlands and France.

Also on Thursday, the DOJ unsealed a grand jury indictment and criminal complaint charging 16 people with creating and deploying the DanaBot malware. In the hands of a Russian cybercrime group, the malware infected more than 300,000 devices globally and caused at least $50 million in damage, the indictment alleged.


James Reddick has worked as a journalist around the world, including in Lebanon and in Cambodia, where he was Deputy Managing Editor of The Phnom Penh Post. He is also a radio and podcast producer for outlets like Snap Judgment.

 
