DanaBot Malware Enables Data Breaches and Russian Espionage

 

The United States has taken decisive action against one of the most persistent cybercrime threats in history, joining forces with international law enforcement bodies and several private cybersecurity companies to dismantle the infrastructure behind the notorious malware operation known as DanaBot, whose origins were linked to Russian state security interests over the past decade.
During this multi-year campaign, hundreds of thousands of infected devices throughout the world were effectively cut off from the botnet’s command and control channels by the seizure of the DanaBot server systems hosted within the United States.
As CrowdStrike, the leading security company involved in the takedown, reports, the Defence Criminal Investigative Service (DCIS) has neutralised the operators’ ability to issue malicious directives. 
As a result, the operation has disrupted both this criminal enterprise and the wider network of Russian cyberproxies that are increasingly dependent on criminal syndicates to advance their state-sponsored objectives.
DanaBot, a banking Trojan that was tracked by security researchers under the name Scully Spider, has evolved over the years into a sophisticated tool capable of stealing credentials, conducting espionage, and leaking large quantities of data, an indication of the convergence between the interests of financial groups and geopolitical agents in espionage.
This article has been indexed from CySecurity News – Latest Information Security and Hacking Incidents
