U.S. Dismantles DanaBot, Charges 16 in $50M Scheme

The U.S. Department of Justice said Thursday it dismantled the infrastructure behind DanaBot, a malware platform tied to a Russia-based cybercriminal group, and unsealed charges against 16 individuals allegedly involved in the scheme.

According to the Justice Department, DanaBot—also known as DanaTools—was used to infect more than 300,000 computers globally, facilitating a sprawling cybercrime operation that generated over $50 million in illicit proceeds. The malware functioned as a modular banking trojan, enabling attackers to steal credentials, deploy ransomware, and access financial systems.

Authorities said the group behind DanaBot used a distributed network to target victims worldwide while evading detection. The charges mark one of the most significant actions taken by U.S. law enforcement in disrupting cybercrime originating from Eastern Europe.

The takedown underscores the growing global cooperation among agencies to combat cyber threats, which continue to impact financial systems and critical infrastructure across multiple sectors.