An international coalition of law enforcement agencies has exposed a vast Russian cybercriminal network responsible for infecting over 300,000 computers across the globe, including in the United States, Europe, India and Australia. The large coordinated effort—codenamed Operation Endgame—was led by German authorities and included investigators from the United Kingdom, United States, France, Canada, Denmark and the Netherlands.
According to official sources, the network used malicious software including Qakbot, Danabot, Conti and others to conduct data theft, blackmail and cyber espionage. The attacks targeted both public and private institutions, including military, diplomatic and government offices. Some of the stolen information was traced back to servers located in Russia.
The cybercriminal tools were openly marketed on Russian-language forums. Investigators revealed that a specific “spy” version of the software was deployed to infiltrate sensitive institutions. So far, 37 individuals have been identified, with 20 placed on international wanted lists. Among them are 16 named in US indictments, including the masterminds behind the Qakbot and Danabot networks.
The named suspects include Rustam Gallyamov of Moscow, Oleksandr Stepanov (alias JimmBee), Artem Kalinkin (alias Onix) from Novosibirsk, and a Ukrainian national, Roman Prokop, linked to Qakbot. However, the majority of those implicated are Russian citizens.
Particular attention has been focused on Russian national Vitaliy Kovalev, who is alleged to be the leader of the Conti ransomware group. Described by German investigators as one of the most successful blackmailers in the history of cybercrime, Kovalev has reportedly operated without consequence in Russia or Dubai. The United States has offered a reward of 10 million US dollars (approximately £7.9 million) for information leading to the capture of Conti’s key figures.
Though extradition from Russia or Dubai remains unlikely due to political protection for many of these suspects, officials state that their exposure has already disrupted global cybercrime activity. Operation Endgame, which began in 2022, continues.
The findings come against the backdrop of wider Russian cyber-aggression, including hacks on European Union border surveillance systems and attempts to interfere with Western military aid routes to Ukraine. British intelligence has previously confirmed Russian military cyberattacks aimed at derailing Ukraine’s support pipeline from the West.
















