
The U.S. government has indicted Russian national Rustam Rafailevich Gallyamov, the leader of the Qakbot botnet malware operation that compromised over 700,000 computers and enabled ransomware attacks.
According to court documents, Gallyamov began developing Qakbot (also known as Qbot and Pinkslipbot) in 2008 and deployed it to create a network of thousands of infected computers.
Over time, a team of developers formed around Qakbot, but the indictment notes that other malware was also created under Gallyamov’s direction.
For about a decade, Gallyamov used Qakbot as a banking trojan with worm capabilities, a malware dropper, or a backdoor that could also log keystrokes.
Starting in 2019, Qakbot became the initial infection vector in many ransomware attacks by notorious gangs such as Conti, ProLock, Egregor, REvil, RansomExx, MegaCortex, Doppelpaymer, Black Basta, and Cactus.
For providing initial access, Gallyamov allegedly received a portion of the ransom paid by the victims. The cut varied based on the arrangement with each ransomware group.
Over $24 million seized in digital assets
According to the indictment, Qakbot infections led to hundreds of ransomware victims across the globe. The list includes private companies, healthcare providers, and government agencies.
The compromises caused hundreds of millions of dollars in damage. In just 18 months, financial damages exceeded $58 million.
In 2023, the Qakbot botnet was dismantled by the FBI, after hacking parts of its infrastructure and taking control of a computer used by a Qakbot administrator.
Despite this, Gallyamov continued malicious operations and “orchestrated spam bomb attacks against victims in the United States as recently as January 2025.”
Earlier today, the Justice Department filed a forfeiture complaint against more than $24 million in cryptocurrency seized from Gallyamov during the investigation.
Last month, the FBI seized more illegal assets – 30 bitcoins and $700,000 in USDT tokens, worth more than $4 million at today’s exchange rate.
Law enforcement actions were taken in conjunction with Operation Endgame, an international effort that led to the seizure of more than 100 servers used by multiple botnets and malware loaders (e.g. IcedID, Pikabot, Trickbot, Bumblebee, Smokeloader, and SystemBC).
