E. Martin Estrada, U.S. Attorney | U.S. Attorney's Office for the Central District of California
A federal grand jury has indicted 16 individuals accused of creating and distributing the DanaBot malware, which was controlled by a cybercrime organization based in Russia. The malware reportedly infected over 300,000 computers globally, leading to fraud and ransomware activities that resulted in damages exceeding $50 million.
The indictment identifies Aleksandr Stepanov, known as "JimmBee," and Artem Aleksandrovich Kalinkin, known as "Onix," both from Novosibirsk, Russia. Stepanov faces charges including conspiracy to commit wire fraud and bank fraud, while Kalinkin is charged with unauthorized computer access for fraudulent purposes. Both are believed to be in Russia and remain at large.
DanaBot employed various methods such as spam emails with malicious links or attachments to infiltrate computers. Once infected, these computers became part of a botnet allowing remote control by the malware operators. This system functioned on a malware-as-a-service model where administrators leased botnet access for several thousand dollars monthly.
The software had capabilities to steal data, hijack banking sessions, record keystrokes, and provide full remote access to compromised systems. A second version targeted military and government entities by recording interactions on victim computers.
“Pervasive malware like DanaBot harms hundreds of thousands of victims around the world,” stated United States Attorney Bill Essayli for the Central District of California. He emphasized the commitment to combat global cybersecurity threats.
Special Agent Kenneth DeChellis from the Department of Defense's Cyber Field Office highlighted that these enforcement actions disrupted a significant cyber threat group profiting from data theft. “The DanaBot malware was a clear threat to the Department of Defense and our partners.”
FBI Special Agent Rebecca Day remarked on this being a significant step in dismantling cyber-criminal networks affecting global digital security. She acknowledged international law enforcement collaboration in holding cybercriminals accountable.
If convicted, Kalinkin could face up to 72 years in prison while Stepanov could receive up to five years. As part of Operation Endgame—a collaborative effort against global cybercrime—DCIS agents have seized DanaBot servers hosted in the U.S., working alongside partners like Shadowserver Foundation for remediation efforts.
Companies such as Amazon, Crowdstrike, ESET among others provided assistance during this investigation led by FBI’s Anchorage Field Office and other international agencies including Germany’s Bundeskriminalamt (BKA) and Australian Federal Police.
Assistant U.S. Attorney Aaron Frumkin is prosecuting these cases with Assistant U.S. Attorney James E. Dochterman handling asset forfeiture proceedings.
