
How STRIKE Helped Identify Qakbot’s Alleged Operator and Support a $24M Asset Seizure

ID: 350f64bb-c2b1-5372-9e31-d61421c7a936

STIX ID: report--350f64bb-c2b1-5372-9e31-d61421c7a936

Feed Name: SecurityScorecard Blog

Threat Score: 78/100

Date Published: 2025-05-23

Date Updated: 2026-04-29


SecurityScorecard’s STRIKE team supported multinational law enforcement in the investigation and attribution of Qakbot, a long-running malware platform used since 2008 as a first-stage loader for numerous ransomware groups. The DOJ unsealed an indictment against an alleged Qakbot operator, Rustam Gallyamov, and pursued civil forfeiture of millions in cryptocurrency; the report details prior takedowns (including seizures in 2023 and 2024/2025), the actors’ shift to spam-bomb campaigns after infrastructure disruption, and STRIKE’s infrastructure tracking and TTP analysis that contributed to the case.
