Berlin – In a sophisticated cross-border operation, law enforcement agencies from seven countries have dismantled a notorious Russian-led cybercrime network, believed to be responsible for the distribution of some of the world’s most damaging malware strains. The operation, codenamed Endgame, marks one of the most consequential offensives ever mounted against state-tolerated cybercriminal actors.
Authorities from Germany, the United States, the United Kingdom, Canada, France, Denmark, and the Netherlands collaborated closely to identify and target the leaders of malware syndicates such as Qakbot, Danabot, Trickbot, and Conti. Arrest warrants have been issued for 20 individuals, with 16 formal indictments unsealed in the U.S. Most of the suspects are believed to be based in Russia, underscoring the growing impunity granted to cybercriminals operating from within its borders.
Among those named are Rustam Rafailevich Gallyamov, 48, of Moscow, as well as Aleksandr Stepanov, 39, also known as “JimmBee,” and Artem Kalinkin, 34, alias “Onix,” both from Novosibirsk. The U.S. Department of Justice alleges that they played a central role in developing and deploying sophisticated malware targeting over 300,000 devices globally.
Notably, the German Federal Criminal Police Office (BKA) placed particular emphasis on the elusive figure of Vitalii Nikolayevich Kovalev, also known as “Stern” or “Ben.” Hailed by investigators as one of the most prolific blackmailers in cybercrime history, Kovalev is allegedly behind Conti, a ransomware group described as highly organized and professionally run. His operations are believed to have extorted massive ransoms from hundreds of global enterprises, with his crypto assets reportedly valued at over €1 billion.
What elevates this operation beyond previous cyber takedowns is the intelligence-led targeting of infrastructure and financial pipelines, including the darknet servers used for data exfiltration. BKA confirmed that espionage variants of Danabot were used to breach diplomatic and governmental systems, with stolen data rerouted to servers within Russian territory.
While extradition of the named suspects remains unlikely—given Moscow’s historical reluctance to cooperate on cybercrime—the symbolic impact of this exposure is considerable. “With Operation Endgame 2.0, we have once again demonstrated that our strategies work—even in the supposedly anonymous darknet,” said BKA President Holger Münch.
The transnational character of the investigation speaks to a broader recognition: cybercrime is no longer a fringe threat, but a core national and corporate security issue. The convergence of criminal innovation and state inaction, or even tacit approval, elevates operations like Endgame to a geopolitical milestone.