Yazılar

U.S. Indicts Russian Hacker Behind Qakbot Malware, Unseals Charges Against DanaBot Network

/in /tarafından

The U.S. Department of Justice on Thursday unsealed criminal charges against Russian national Rustam Rafailevich Gallyamov, accusing him of masterminding Qakbot, a long-running malware operation that infected thousands of computers worldwide and facilitated ransomware and cyber fraud schemes.

At the same time, prosecutors also announced charges against 16 individuals allegedly behind the DanaBot malware, part of an international enforcement effort called Operation Endgame.

Qakbot Mastermind Indicted

  • Rustam Gallyamov, 48, of Moscow, is accused of leading a cybercriminal group responsible for developing and deploying Qakbot since the early 2010s.

  • Qakbot was used to:

    • Infect computers with ransomware and other malware

    • Build and operate botnets to control compromised devices

    • Launch further malicious campaigns

  • A federal complaint also seeks the forfeiture of over $24 million in seized crypto and fiat funds linked to the case.

  • The DOJ said Gallyamov remained active in cybercrime operations as recently as January 2025, despite a major 2023 international takedown of Qakbot infrastructure.

  • Gallyamov’s current whereabouts are unknown, and he has not responded to comment requests.

DanaBot Network Brought Down

  • Prosecutors in Los Angeles also unsealed charges against 16 people tied to the DanaBot malware operation.

  • DanaBot has infected more than 300,000 computers globally since 2018 and caused an estimated $50 million in damages.

  • Initially designed to steal banking credentials, DanaBot evolved to include broader information-theft capabilities and enabled unauthorized access for further cybercrime.

  • It was still seeing 1,000 new infections daily across over 40 countries in 2025, according to threat researchers at Black Lotus Labs, a participant in Operation Endgame.

  • This coordinated campaign involved international law enforcement and cybersecurity firms to dismantle infrastructure and arrest perpetrators globally.

Broader Impact

  • These cases illustrate the ongoing and evolving threat of malware and cybercrime, even after major takedowns.

  • The DOJ emphasized that it will continue pursuing cybercriminals operating beyond U.S. borders, often in partnership with global agencies.

M&S Cyberattack Traced to Third-Party Breach, Online Sales Disrupted Until July

/in /tarafından

Marks & Spencer (M&S) confirmed on Wednesday that a recent cyberattack which disrupted its operations originated from a security breach at a third-party contractor, not from within its own IT systems. The attack, first disclosed on April 22, will continue to impact the British retailer’s operations for several more weeks, including a halt to online sales expected to last until July.

In a briefing with reporters, CEO Stuart Machin said hackers used social engineering tactics to infiltrate a contractor’s network, bypassing M&S’s internal digital defences.

“Unable to get into our systems by breaking through our digital defences, the attackers did try another route… entering through a third party rather than a system weakness,” Machin explained.
“Once access was gained, they used highly sophisticated techniques as part of the attack.”

Involvement of Tata Consultancy Services

M&S holds a long-standing IT contract with Tata Consultancy Services (TCS), and a source familiar with the investigation told Reuters that TCS may have been the access point exploited in the breach. TCS declined to comment, and Machin did not confirm whether TCS was the contractor in question.

Timeline and Response

Suspicious activity was first detected over the Easter weekend (April 19–20). According to Machin, the time from breach to detection was relatively short, particularly compared to the industry average of 10 days or more.
Immediately after discovering the breach, M&S involved cybersecurity experts, law enforcement, and government agencies.

So far, 600 systems have been scanned, and the process of gradually bringing them back online is underway.

Online Sales and Business Impact

M&S’s online retail operations remain suspended, and the company does not expect full functionality to resume before July. The company has not disclosed whether a ransom demand was issued, citing official advice.

The UK’s National Crime Agency is investigating the attack, reportedly focusing on a group of young, English-speaking hackers.

Despite having boosted its tech spending threefold over the past three years, Machin stressed that no organization is immune to cyber threats.

M&S generates nearly £14 billion ($19 billion) in annual sales, and the breach marks a major disruption for one of Britain’s most recognized retail brands.

Massachusetts Student to Plead Guilty in PowerSchool Data Breach Affecting Millions

/in /tarafından

A 19-year-old college student from Massachusetts has agreed to plead guilty to hacking education software provider PowerSchool, in a breach that compromised data on tens of millions of students and teachers. The breach led to ransom demands targeting both the company and individual school districts.

Matthew Lane, a student at Assumption University in Worcester, is accused of stealing sensitive data by gaining unauthorized access to PowerSchool’s systems using login credentials belonging to a contractor. Prosecutors say he then transferred the stolen data to a server hosted in Ukraine in December 2024.

Shortly afterward, PowerSchool received a $2.85 million bitcoin ransom demand threatening to expose names, addresses, Social Security numbers, and other personal details of more than 60 million students and 10 million teachers unless the company complied. PowerSchool disclosed the breach in January 2025 and admitted to paying a ransom to prevent the data from being leaked.

Lane’s case is significant as it is the first time a suspect has been publicly linked to the breach, which impacted PowerSchool — a platform used by over 18,000 schools across North America. U.S. Attorney Leah Foley condemned Lane’s actions, saying they “instilled fear in parents that their kids’ information had been leaked into the hands of criminals – all to put a notch in his hacking belt.”

Court documents reveal that Lane also conspired in a previous cyber extortion scheme involving a telecommunications company, demanding a $200,000 ransom. He now faces charges of cyber extortion, aggravated identity theft, and unauthorized access to protected computers, carrying a mandatory minimum sentence of two years in prison.

Lane’s attorney did not comment on the plea deal, and PowerSchool has not disclosed further details beyond confirming ongoing extortion attempts aimed at multiple school districts affected by the breach.