In the latest phase of Operation Endgame, an international law enforcement operation, national authorities from seven countries seized 300 servers and 650 domains used to launch ransomware attacks.
“From May 19 to 22, authorities took down some 300 servers worldwide, neutralized 650 domains, and issued international arrest warrants against 20 targets, dealing a direct blow to the ransomware kill chain,” according to the official website of the joint action.
“In addition, EUR 3.5 million in cryptocurrency was seized during the action week, bringing the total amount seized during Operation Endgame to EUR 21.2 million.”
Together with private sector partners, officers coordinated by Europol and Eurojust targeted many cybercrime operations, including Bumblebee, Latrodectus, Qakbot, DanaBot, Trickbot, and Warmcookie.
These malware strains are often offered as a service to other cybercriminals and used to gain access to the networks of victims targeted in ransomware attacks.
Europol's Executive Director Catherine De Bolle added that the action shows law enforcement's ability to adapt and strike again, even as cybercriminals re-adapt. “By disrupting the services criminals rely on to deploy ransomware, we are breaking the kill chain at its source.”
DanaBot charges
On Thursday, the US Justice Department also unsealed charges against 16 defendants who are allegedly part of a Russian cybercrime gang that controlled the DanaBot malware operation.
US authorities named eight of the 16 Russian citizens (Alexandra Stepanov, Artem Alexandrovich Kalinkin, Denil Khaleitov, Alexi Efficitov, Kamil Sztugulvski, Ibrahim Idovu, Artem Shubin, and Alexi Khudikov).
According to a complaint, they used the botnet to deploy additional malware payloads, including ransomware, and infected over 300,000 computers globally, causing more than $50 million in damage.
The DanaBot malware has been active since 2018 and is operated on a malware-as-a-service model, with its administrators offering access to their botnet and support tools for thousands of dollars per month. The malware can hijack banking sessions, steal data and browsing history, and provide full remote access to compromised systems, enabling keystroke logging and video recording of user activity.
DanaBot's admins have also used a second version of this botnet for cyberespionage purposes, targeting military, diplomatic, and government organizations.
“This version of the botnet recorded all interactions with the computer and sent stolen data to a separate server, different from the one used by DanaBot's fraud-oriented version,” the Justice Department said. “This version was allegedly used to target diplomats, law enforcement personnel, and members of the military in North America and Europe.”
Previous Operation Endgame actions
This week's action follows several other Operation Endgame phases, including the seizure of over 100 servers hosting more than 2,000 domains used by multiple malware loader operations, including IcedID, Pikabot, Trickbot, Bumblebee, SmokeLoader, and SystemBC.
Since then, law enforcement agents have also arrested a Conti and LockBit ransomware crypter expert in June 2024, who helped make malware undetectable by antivirus software.
In April, police also tracked down customers of the SmokeLoader botnet and detained at least five people, using intelligence obtained after seizing a database of the cybercriminals who paid for SmokeLoader subscriptions.
This week, Russian national Rustom Rafaelvich Galimov, the leader of the Qakbot malware operation, which compromised over 700,000 computers and enabled ransomware attacks, was also convicted in the United States.
Additionally, about 2,300 domains were seized earlier this month in a disruption action led by Microsoft that targeted the Lumma malware-as-a-service (MaaS) information stealer operation.