The US Department of Justice has unveiled charges against Russian national Rustam Gallyamov, who is accused of having led for years the group behind Qakbot, one of the most dangerous botnets of the last decade. At the same time, 16 people linked to the operations of DanaBot, malware that has infected more than 300,000 computers since 2018 and caused losses of up to $50 million, have been charged in Los Angeles.
Both cases are part of Operation Endgame – a wide-ranging campaign by international services and the private sector targeting cybercrime infrastructure. While the operation itself has had tangible successes, such as the dismantling of the Qakbot infrastructure in 2023, the latest allegations show that key actors are still active.
From an IT industry perspective, these reports confirm that cybercrime activity does not die down after spectacular arrests – it evolves. Qakbot and DanaBot have undergone a transformation from tools for stealing bank data to platforms for further attacks, including ransomware. Significantly, their infrastructure was still active in 2025, with infections – according to analysts – affecting up to 1,000 computers a day.
For technology companies, it’s a reminder that cyber resilience is not a one-off project, but a state of constant readiness. In the age of AI and automated phishing, the real threat is no longer just individual hackers, but extended criminal ecosystems that can adapt faster than corporate defences.
Even the loudest law enforcement operations do not end the war on cybercrime – at most they change the rules.