The U.S. Department of Justice has unsealed charges against 16 individuals involved in the DanaBot malware-as-a-service platform, which has been responsible for over $50 million in global losses. According to reports from KrebsOnSecurity, a newer version of DanaBot was used for espionage, and some defendants accidentally infected their own systems with the malware, revealing their real-life identities.

Initially spotted by researchers at Proofpoint in May 2018, DanaBot is a malware platform that specializes in credential theft and banking fraud. The government alleges that the malware infected over 300,000 systems globally, with estimates of losses exceeding $50 million.

The ringleaders of this conspiracy are identified as Aleksandr Stepanov, known as ‘JimmBee,’ and Artem Kalinkin, known as ‘Onix,’ both from Novosibirsk, Russia. Kalinkin works as an IT engineer for Gazprom, a Russian state-owned energy company. The FBI has identified at least 40 affiliates who paid between $3,000 and $4,000 a month for access to the platform.

The government claims that the malware was initially sold between 2018 and June 2020 before being taken off Russian cybercrime forums. A newer version, emerging in late 2020, was used for more targeted attacks on military, diplomatic, and non-governmental systems in several countries, including the United States, Belarus, the United Kingdom, Germany, and Russia.

The DOJ stated that agents with the Defense Criminal Investigative Service (DCIS) have seized the control servers used by the DanaBot authors. The government is now working with industry partners to notify victims and assist in remediation efforts. Several security firms, including ESET, Flashpoint, Google, and Proofpoint, have provided assistance to the government in this investigation.