LOS ANGELES
Federal authorities unsealed charges Thursday against 16 individuals accused of creating and deploying DanaBot, a powerful malware tool linked to a Russia-based cybercrime ring that infected over 300,000 computers worldwide and caused more than $50 million in damages, officials stated.
All defendants are presumed innocent unless proven guilty.
Among those charged are Aleksandr Stepanov, 39, aka “JimmBee,” and Artem Kalinkin, 34, aka “Onix,” both from Novosibirsk, Russia. They remain at large.
Stepanov faces multiple charges, including conspiracy, wire fraud, identity theft, and wiretapping. Kalinkin faces conspiracy and computer fraud charges and could face up to 72 years in prison if convicted.
According to court documents, DanaBot spread via malicious email attachments and links, hijacking computers into a botnet-for-hire operation.
The malware was rented to cybercriminals for thousands of dollars a month.
It enabled the theft of banking credentials, browser data, cryptocurrency wallets, and full remote control of infected machines. It also deployed ransomware and recorded user keystrokes and activity.
A special version of DanaBot targeted sensitive entities such as military, government, and diplomatic organizations in North America and Europe. This version secretly recorded and exfiltrated data to separate servers.
“The enforcement actions announced today, made possible by enduring law enforcement and industry partnerships across the globe, disrupted a significant cyber threat group, who were profiting from the theft of victim data and the targeting of sensitive networks,” said Special Agent in Charge Kenneth DeChellis of the Department of Defense Office of Inspector General, Defense Criminal Investigative Service (DCIS), Cyber Field Office. “The DanaBot malware was a clear threat to the Department of Defense and our partners. DCIS will vigorously defend our infrastructure, personnel, and intellectual property.”
The FBI and the Defense Criminal Investigative Service (DCIS) led the investigation with international support from law enforcement in Germany, the Netherlands, and Australia, as part of Operation Endgame, a coordinated global cybercrime takedown.
Seizures included DanaBot’s command-and-control infrastructure hosted in the U.S. The government is now working with tech partners like Google, Amazon, CrowdStrike, and Shadowserver to notify victims and remediate infections.
Assistant U.S. Attorney Aaron Frumkin is prosecuting the criminal case, while Assistant U.S. Attorney James Dochterman is handling asset forfeiture.
