The US government today ignored criminal allegations against 16 persons accused of operating and sales. DanabotA vigorous tension of informative malware which has been sold on Russian cybercrime forums since 2018. FBI A new version of Danabot was used for espionage, and that many defendants highlighted their real life identity after infecting their own system with malware.
Features of Danabot, as is promoted on its support site. Picture: welvivesecurity.com
Initially Moldy By researchers in the email safety firm in May 2018 Proof pointDanabot is a Malware-e-Service platform which specializes in credential theft and banking fraud.
Today, US justice department From 2022, a criminal complaint and prosecution were ignored, stating that the FBI identified at least 40 colleagues who were paying information between $ 3,000 to $ 4,000 per month for access to the steel platform.
The government says the malware infected more than 300,000 systems globally, causing an estimated loss of over $ 50 million. Danabot Conspiracy Ringalders is named Alexandra Stepanov39, aka “Zimbi,” And Artem Alexendrovich Kalinkin34, aka “Onix“, Both Novosibirsk, Russia. Kalinkin is an IT engineer for the Russian state -owned energy giant GazpromHis Facebook profile name is “Mafiozi”.
According to the FBI, Danabot had at least two major versions; The first was sold between 2018 and June 2020, when Malware was stopped to be introduced on Russian Cybercrime Forums. The government alleges that the second version of the emerging danbot in January 2021–In many countries including the United States, Belarus, United Kingdom, Germany and Russia, military, diplomatic and non-governmental organizations were provided to co-speculators for use in targeting computers.
“Unchastinated co-prosecutors will use the detective version to compromise computers around the world and to steal sensitive diplomatic communication, credentials, and other data of these targeted victims,” a grand jury prosecution has been said in a grand jury prosecution with September 20, 2022.
The prosecution stated that in 2022, the FBI seized the server used by Danabot writers to control its malware, as well as those servers who stored the stolen data. The government said that server data also shows several examples in which Danabot defenders have infected their own PCs, resulting in their credential data uploaded to the stolen data repository which were seized by Fed.
“In some cases, such self-consciences are deliberately performed to test, analyze or improve malware,” reads criminal complaints. “In other cases, the infection seemed unknowingly – one of the dangers of cyber crime is that the culprits would sometimes accidentally infect themselves with their own malware.”
Picture: welvivesecurity.com
A statement Tells DOJ that as part of today’s operation, with agents Defense criminal inquiry service (DCIS) seized the Danabot control server, including dozens of virtual servers hosted in the United States. The government says that it is now working with industry partners to inform the Danabot victims and to help over the infection. This statement credits many security firms along with assisting the government. Esset, Flash point, Google, Intel 471, Lumen, Papail, Proof point, Team CyrimuAnd Zascaler,
It is not unheard of financially oriented malicious software to be rebuilt for espionage. A version of Zus TrozonWhich was used in countless online banking attacks against companies between 2007 and at least 2015 in the United States and Europe, for a time for espionage work by its author.
As detailed in this 2015 story, the author of the Zeus Trojan created a custom version of malware to serve as a detective machine, which refrained infected systems in Ukraine for specific keywords in emails and documents, which would probably be found in classified documents only.
16 danabot counter -causing public charging comes a day later Microsoft became involved A group of technical companies in Disrupt IT infrastructure For another Malware-e-Service Offer- Luma steelerWhich is similarly introduced to affiliates under the price of tier membership from $ 250 to $ 1,000 per month. Separately, Microsoft filed a civil suit to seize control over 2,300 domain names used by Lumma Stealer and its colleagues.
Further reading:
Danabot: Analysis of a fallen empire
ZSCAler Blog: Danabot launched DDOS attack against Ukrainian Defense Ministry
Flashpoint: Operation andge Danabot Malware
Team Cyrmu: Inside Danabot’s infrastructure: in support of Operation Andgem II
March 2022 Criminal Complaint v. Artem Aleksandrovich Kalinkin
