Leader of Qakbot Cybercrime Network Indicted in U.S. Crackdown
Russia's notorious cybercrime mastermind, Rustam Gallyamov, has been indicted by the United States for his role in leading the Qakbot botnet, a malware operation that infected over 700,000 devices and facilitated numerous ransomware attacks.
A Decade-Long Reign of Terror
Qakbot, also known as QBot, QuackBot, or Pinkslipbot, has been active since 2008, making it one of the longest-running malware operations in history. The malware, initially developed by Gallyamov and his team, spread via malspam campaigns that inserted replies into active email threads.
Over time, Qakbot expanded its capabilities, serving as a trojan, dropper, and backdoor for attackers. Since 2019, it has been used as an attack vector in ransomware operations by prominent gangs like Conti, REvil, Black Basta, Egregor, and others.
A Global Reach
The Qakbot botnet has had a significant impact globally, with over 200,000 infected computers located in the United States alone. Investigators have found evidence that administrators received fees corresponding to approximately $58 million in ransoms paid by victims between October 2021 and April 2023.
A Multinational Effort
The U.S. Justice Department's latest charges are part of a multinational cybercrime crackdown, involving the United States, France, Germany, the Netherlands, Denmark, the United Kingdom, and Canada. This effort aims to combat cybercrime and disrupt operations like Qakbot.
A $24 Million Civil Forfeiture Complaint
As part of the investigation, the DOJ has filed a civil forfeiture complaint to seize over $24 million in cryptocurrency from Gallyamov. This action is aimed at depriving Gallyamov of his illicit proceeds and ultimately returning those funds to victims.
Previous Seizures and the 2023 Operation 'Duck Hunt'
Over 170 BTC and millions in crypto were previously seized as part of the investigation. The 2023 Operation 'Duck Hunt' dismantled the Qakbot botnet, revealing that Gallyamov and his team continued attacks using "spam bombs" and ransomware like Black Basta and Cactus into 2025.
Victim Resources Available
The FBI has provided victim resources at justice.gov/qakbot-resources. The Department of Justice is committed to supporting victims of cybercrime and protecting the public from these threats.