The U.S. Department of Justice has indicted Rustam Rafailevich Gallyamov of Moscow for developing and deploying the Qakbot malware, a major cyber threat responsible for infecting over 700,000 systems globally. The malware, which evolved from a banking trojan, became a powerful tool for credential theft, lateral movement, ransomware deployment, and the creation of vast botnets.
Gallyamov faces charges of conspiracy to commit computer and wire fraud.
Qakbot infiltrated networks through phishing emails, used advanced evasion techniques, and supported ransomware strains like REvil, Conti, and Black Basta. The malware’s modular nature and persistent capabilities allowed it to remain undetected while continuing to expand its reach. Despite a 2023 international takedown operation named Duck Hunt, the group behind Qakbot quickly shifted to new attack vectors like spam bombing to regain network access.
Authorities allege that Gallyamov continued to orchestrate attacks well into 2025. His tactics adapted over time, leveraging social engineering and malicious payload delivery methods. The Justice Department is seeking to return over $24 million in seized cryptocurrency, including bitcoin and stablecoins, to victims affected by the operation.
This case is part of a broader international campaign, Operation Endgame, aimed at dismantling cybercriminal infrastructure.
Law enforcement agencies from the U.S., EU, UK, and Canada coordinated efforts through Europol to pursue malware developers and operators. The indictment underscores the global impact of Qakbot and the importance of cross-border collaboration to counter advanced cyber threats.
Reference:
