NATIONWIDE FEDERAL CRIMINAL DEFENSE (833) 594-2133

Federal Crimes Blog

DOJ Charges 16 Defendants in DanaBot Malware Scheme

Posted by Ronald D. Hedding | Jul 08, 2025

The U.S. Department of Justice (DOJ) announced the disruption of the online infrastructure associated with DanaBot and unsealed federal criminal charges against 16 individuals for their alleged involvement in the development and deployment of the malware, which it said was controlled by a Russia-based cybercrime organization.

The DanaBot malware, a global menace, has infected over 300,000 victim computers worldwide, leading to fraud and ransomware, and causing damages exceeding $50 million. This global reach underscores the urgent and significant threat posed by cybercrime, with two of the defendants, both from Novosibirsk, Russia, currently at large, highlighting the international nature of the issue.

The defendants have been charged with conspiracy, wiretapping, conspiracy to commit wire fraud and bank fraud, aggravated identity theft, unauthorized access to a protected computer to obtain information, unauthorized impairment of a protected computer, wiretapping, and use of an intercepted communication. 

The unsealed criminal complaint and indictment reveal a significant oversight on the part of the defendants. Many of them inadvertently exposed their real-life identities after infecting their systems with the malware, serving as a cautionary tale about the risks and consequences of engaging in cybercrime.

The danaBot malware employed a range of methods to infect victim computers, including the distribution of spam email messages containing malicious attachments or hyperlinks. Once infected, these victim computers became part of a botnet—a network of compromised computers—enabling the operators and users of the botnet to control the infected computers remotely.

The DOJ stated that DanaBot administrators operated a second version of the botnet, which was designed to target computers belonging to military, diplomatic, government, and related entities in North America and Europe. This variant, emerging in January 2021, was equipped with the capability to record all interactions occurring on a victim device and send the data to a different server.

Key Takeaways

  • The federal charges underscore the scale and sophisticated nature of DanaBot's impact, as well as the growing resolve of federal agencies to pursue computer fraud and dismantle cybercrime networks. 
  • A federal grand jury indictment and criminal complaint charged multiple defendants who allegedly developed and deployed the DanaBot malware, which a Russia-based cybercrime organization controlled and used to infect thousands of victim computers worldwide.
  • This case is an example of how a single malware operation enabled computer hacking operations as varied as ransomware, wartime cyberattacks in Ukraine, and spying against foreign governments. It underscores the complexity and severity of cyber threats.
  • The Defense Criminal Investigative Service (DCIS), a crucial arm of the Department of Defense, played a pivotal role in this case. They carried out seizures of DanaBot infrastructure worldwide, including in the United States, as part of their mission to protect the integrity of Department of Defense programs and operations.
  • DOJ's expertise in cyber investigations was instrumental in the successful takedown of the DanaBot network. 
  • The federal complaint alleges that the DanaBot malware employed various methods to infect victim computers, including spam email messages containing malicious attachments or hyperlinks.
  • DanaBot is a dangerous malware that spreads through phishing emails with malicious links or attachments. Its threat is urgent and significant, underscoring the need for immediate action against cyber threats.
  • The takedown of the DanaBot network is part of Operation Endgame, an initiative focused on dismantling cybercrime organizations.
  • Operation Endgame aims to disrupt and dismantle global cybercrime networks, such as the one behind DanaBot, through coordinated international law enforcement efforts and strategic legal actions.

Stealing Information From Computers

The DanaBot malware operated on a malware-as-a-service model, with administrators leasing access to the botnet and support tools to client conspirators for a substantial monthly fee. The DanaBot malware had extensive capabilities to exploit victim computers, and could be used to steal data from victim computers and to:

  • Hijack banking sessions,
  • User browsing histories,
  • Stored account credentials, and
  • Cryptocurrency wallet information.

DanaBot has also been used as an initial means of infection for other forms of malware, including ransomware.

Why You Need a Federal Defense Lawyer 

The case against those involved in the DanaBot scheme highlights an aggressive approach to combating cybercrime. Agencies such as the FBI and the Department of Defense are investing significant resources in monitoring, investigating, and prosecuting cyber offenses. This highlights the importance of seeking legal counsel if you are under investigation for computer fraud.

Federal cybercrime prosecutions often involve complex investigations that span months. They use digital forensics, network surveillance, and the collaboration of numerous agencies.

Federal Defense Lawyer 

Many people find themselves under investigation for computer fraud, even if they are not directly involved in the suspected crimes. If you believe you are a subject of interest in a federal cybercrime investigation, you will need to retain an experienced federal criminal defense lawyer.

Defending cybercrime cases requires navigating the complexities of both federal law and the technical nuances of cyber investigations.

Our lawyers can assess the evidence being used against you, challenge improper investigative practices, and work to mitigate penalties if a conviction appears unavoidable.

We can advise you on how to respond to subpoenas, manage your statements to investigators, and protect your rights during the collection of digital evidence. For more information, contact the Hedding Law Firm, based in Los Angeles, CA.

Related Content:

About the Author

Ronald D. Hedding
Ronald D. Hedding

What Makes Ronald Hedding Uniquely Qualified To Represent You? I've been practicing criminal defense for almost 30 years and have handled thousands of cases, including all types of state and federal sex crime cases. All consultations are discreet and confidential.

Contact Us Today

Hedding Law Firm is committed to answering your questions about Federal Criminal Defense issues in Los Angeles and Encino California. We'll gladly discuss your case with you at your convenience. Contact us today to schedule an appointment.

Menu