This edition of the Venice Biennale includes 65 national pavilions, 11 collateral events, and over 750 participants in the international exhibition curated by Italian architect and engineer Carlo Ratti. Entitled Intelligens: Natural Artificial Collective, its stated aim is to make Venice a ‘living laboratory’. But Ratti’s exhibition in the Arsenale has been hit by mixed reviews. The AJ’s Rob Wilson described it as ‘a bit of a confusing mess’, while other media outlets have called the robot-heavy exhibit of future-facing building-focused solutions to the climate crisis a ‘tech-bro fever dream’ and a ‘mind-boggling rollercoaster’ to mention a few. It is a distinct shift away from the biennale of two years ago twhen Ghanaian-Scottish architect Lesley Lokko curated the main exhibitions, including 89 participants – of which more than half were from Africa or the African diaspora – in a convincing reset of the architectural conversation.Advertisement This year’s National Pavilions and collateral exhibits, by contrast, have tackled the largest themes in architecture and the world right now in a less constrained way than the main exhibitions. The exhibits are radical and work as a useful gauge for understanding what’s important in each country: decarbonisation, climate resilience, the reconstruction of Gaza, and an issue more prevalent in politics closer to home: gender wars. What's not to miss in the Giardini? British Pavilion (photography: Chris Lane) UK Pavilion The British Pavilion this year, which won a special mention from the Venetian jury, is housing a show by a British-Kenyan collab titled GBR – Geology of Britannic Repair. In it, the curators explore the links between colonialism, the built environment and geological extraction. Focusing on the Rift Valley, which runs from east Africa to the Middle East, including Palestine, the exhibition was curated by the Nairobi-based studio cave_bureau, UK-based curator, writer and Farrell Centre director Owen Hopkins and Queen Mary University professor Kathryn Yusoff. The pavilion’s façade is cloaked by a beaded veil of agricultural waste briquettes and clay and glass beads, produced in Kenya and India, echoing both Maasai practices and beads once made on Venice’s Murano, as currency for the exchange of metals, minerals and slaves. The pavilion’s six gallery spaces include multisensory installations such as the Earth Compass, a series of celestial maps connecting London and Nairobi; the Rift Room, tracing one of humans’ earliest migration routes; and the Shimoni Slave Cave, featuring a large-scale bronze cast of a valley cave historically used as a holding pen for enslaved people.Advertisement The show also includes Objects of Repair, a project by design-led research group Palestine Regeneration Team (PART), looking at how salvaged materials could help rebuild war-torn Gaza, the only exhibit anywhere in the Biennale that tackled the reconstruction of Gaza face-on – doing so impressively, both politically and sensitively. Read more here. Danish Pavilion (photography: Hampus Berndtson) Demark Pavilion A firm favourite by most this year, the Danish exhibition Build of Site, curated by Søren Pihlmann of Pihlmann Architects, transforms the pavilion, which requires renovation anyway, into both a renovation site and archive of materials. Clever, simple and very methodical, the building is being both renewed while at the same time showcasing innovative methods to reuse surplus materials uncovered during the construction process – as an alternative to using new resources to build a temporary exhibition. The renovation of the 1950s Peter Koch-designed section of the pavilion began in December 2024 and will be completed following the biennale, having been suspended for its duration. On display are archetypal elements including podiums, ramps, benches and tables – all constructed from the surplus materials unearthed during the renovation, such as wood, limestone, concrete, stone, sand, silt and clay. Belgian Pavilion (photography: Michiel De Cleene) Belgium Pavilion If you need a relaxing break from the intensity of the biennale, then the oldest national pavilion in the Giardini is the one for you. Belgium’s Building Biospheres: A New Alliance between Nature and Architecture brings ‘plant intelligence’ to the fore. Commissioned by the Flanders Architecture Institute and curated by landscape architect Bas Smets and neurobiologist Stefano Mancuso, the exhibit investigates how the natural ‘intelligence’ of plants can be used to produce an indoor climate – elevating the role of landscape design and calling for it to no longer serve as a backdrop for architecture. Inside, more than 200 plants occupy the central area beneath the skylight, becoming the pavilion’s centrepiece, with the rear space visualising ‘real-time’ data on the prototype’s climate control performance. Spanish Pavilion (photography: Luca Capuano) Spain Pavilion One for the pure architecture lovers out there, models (32!), installations, photographs and timber structures fill the Spanish Pavilion in abundance. Neatly curated by architects Roi Salgueiro Barrio and Manuel Bouzas Barcala, Internalities shows a series of existing and research projects that have contributed to decarbonising construction in Spain. The outcome? An extensive collection of work exploring the use of very local and very specific regenerative and low-carbon construction and materials – including stone, wood and soil. The joy of this pavilion comes from the 16 beautiful timber frames constructed from wood from communal forests in Galicia. Polish Pavilion (photography: Luca Capuano) Poland Pavilion Poland’s pavilion was like Marmite this year. Some loved its playful approach while others found it silly. Lares and Penates, taking its name from ancient Roman deities of protection, has been curated by Aleksandra Kędziorek and looks at what it means and takes to have a sense of security in architecture. Speaking to many different anxieties, it refers to the unspoken assumption of treating architecture as a safe haven against the elements, catastrophes and wars – showcasing and elevating the mundane solutions and signage derived from building, fire and health regulations. The highlight? An ornate niche decorated with tiles and stones just for … a fire extinguisher. Dutch Pavilion (photography: Cristiano Corte) Netherlands Pavilion Punchy and straight to the point, SIDELINED: A Space to Rethink Togetherness takes sports as a lens for looking at how spatial design can both reveal and disrupt the often-exclusionary dynamics of everyday environments. Within the pavilion, the exhibit looks beyond the large-scale arena of the stadium and gymnasium to investigate the more localised and intimate context of the sports bar, as well as three alternative sports – a site of both social production and identity formation – as a metaphor for uniting diverse communities. The pavilion-turned-sports bar, designed by Koos Breen and Jeannette Slütter and inspired by Asger Jorn’s three-sided sports field, is a space for fluidity and experimentation where binary oppositions, social hierarchies and cultural values are contested and reshaped – complete with jerseys and football scarfs (currently a must-have fashion item) worn by players in the alternative Anonymous Allyship aligning the walls. Read Derin Fadina’s review for the AJ here. Performance inside the Nordic Countries Pavilion (photography: Venla Helenius) Nordic Countries Pavilion Probably the most impactful national pavilion this year (and with the best tote bag by far), the Nordic Countries have presented an installation with performance work. Curated by Kaisa Karvinen, Industry Muscle: Five Scores for Architecture continues Finnish artist Teo Ala-Ruona’s work on trans embodiment and ecology by considering the trans body as a lens through which to examine modern architecture and the built environment. The three-day exhibition opening featured a two-hour performance each day with Ala-Ruona and his troupe crawling, climbing and writhing around the space, creating a bodily dialogue with the installations and pavilion building itself, which was designed by celebrated Modernist architect Sverre Fehn. The American pavilion next door, loudly (country music!) turns its back on what’s going on in its own country by just celebrating the apathetical porch, making the Nordic Countries seem even more relevant in this crucial time. Read Derin Fadina’s review for the AJ here. German Pavilion (photography: Luca Capuano) Germany Pavilion An exhibit certainly grabbing the issue of climate change by its neck is the German contribution, Stresstest. Curated by Nicola Borgmann, Elisabeth Endres, Gabriele G Kiefer and Daniele Santucci, the pavilion has turned climate change into a literal physical and psychological experience for visitors by creating contrasting ‘stress’ and ‘de-stress’ rooms. In the dark stress room, a large metal sculpture creates a cramped and hot space using heating mats hung from the ceiling and powered by PVs. Opposite is a calmer space demonstrating strategies that could be used to reduce the heat of cities, and between the two spaces is a film focusing on the impacts of cities becoming hotter. If this doesn’t highlight the urgency of the situation, I’m not sure what will. Best bits of the Arsenale outside the main exhibitions Bahrain Pavilion (photography: Andrea Avezzù) Bahrain Pavilion Overall winner of this year’s Golden Lion for best national participation, Bahrain’s pavilion in the historic Artiglierie of the Arsenale is a proposal for living and working through heat conditions. Heatwave, curated by architect Andrea Faraguna, reimagines public space design by exploring passive cooling strategies rooted in the Arab country’s climate, as well as cultural context. A geothermal well and solar chimney are connected through a thermo-hygrometric axis that links underground conditions with the air outside. The inhabitable space that hosts visitors is thus compressed and defined by its earth-covered floor and suspended ceiling, and is surrounded by memorable sandbags, highlighting its scalability for particularly hot construction sites in the Gulf where a huge amount of construction is taking place. In the Arsenale’s exhibition space, where excavation wasn’t feasible, this system has been adapted into mechanical ventilation, bringing in air from the canal side and channelling it through ductwork to create a microclimate. Slovenian Pavilion (photography: Andrea Avezzù) Slovenia Pavilion The AJ’s Rob Wilson’s top pavilion tip this year provides an enjoyable take on the theme of the main exhibition, highlighting how the tacit knowledge and on-site techniques and skills of construction workers and craftspeople are still the key constituent in architectural production despite all the heat and light about robotics, prefabrication, artificial intelligence and 3D printing. Master Builders, curated by Ana Kosi and Ognen Arsov and organised by the Museum of Architecture and Design (MAO) in Ljubljana, presents a series of ‘totems’ –accumulative sculpture-like structures that are formed of conglomerations of differently worked materials, finishes and building elements. These are stacked up into crazy tower forms, which showcase various on-site construction skills and techniques, their construction documented in accompanying films. Uzbekistan Pavilion (photography: Luca Capuano) Uzbekistan Pavilion Uzbekistan’s contribution explores the Soviet era solar furnace and Modernist legacy. Architecture studio GRACE, led by curators Ekaterina Golovatyuk and Giacomo Cantoni have curated A Matter of Radiance. The focus is the Sun Institute of Material Science – originally known as the Sun Heliocomplex – an incredible large-scale scientific structure built in 1987 on a natural, seismic-free foundation near Tashkent and one of only two that study material behaviour under extreme temperatures. The exhibition examines the solar oven’s site’s historical and contemporary significance while reflecting on its scientific legacy and influence moving beyond just national borders. Applied Arts Pavilion (photography: Andrea Avezzù) V&A Applied Arts Pavilion Diller Scofidio + Renfro (DS+R) is having a moment. The US-based practice, in collaboration with V&A chief curator Brendan Cormier, has curated On Storage, which aptly explores global storage architectures in a pavilion that strongly links to the V&A’s recent opening of Storehouse, its new (and free) collections archive in east London. Featured is a six-channel (and screen) film entitled Boxed: The Mild Boredom of Order, directed by the practice itself and following a toothbrush, as a metaphor for an everyday consumer product, on its journey through different forms of storage across the globe – from warehouse to distribution centre to baggage handlers down to the compact space of a suitcase. Also on display are large-format photographs of V&A East Storehouse, DS+R’s original architectural model and sketchbook and behind-the-scenes photography of Storehouse at work, taken by emerging east London-based photographers. Canal Café (photography: Marco Zorzanello) Canal café Golden Lion for the best participation in the actual exhibition went to Canal Café, an intervention designed by V&A East Storehouse’s architect DS+R with Natural Systems Utilities, SODAI, Aaron Betsky and Davide Oldani. Serving up canal-water espresso, the installation is a demonstration of how Venice itself can be a laboratory to understand how to live on the water in a time of water scarcity. The structure, located on the edge of the Arsenale’s building complex, draws water from its lagoon before filtering it onsite via a hybrid of natural and artificial methods, including a mini wetland with grasses. The project was recognised for its persistence, having started almost 20 years ago, just showing how water scarcity, contamination and flooding are still major concerns both globally and, more locally, in the tourist-heavy city of Venice. And what else? Holy See Pavilion (photography: Andrea Avezzù) The Holy See Much like the Danish Pavilion, the Pavilion of the Holy See is also taking on an approach of renewal this year. Over the next six months, Opera Aperta will breathe new life into the Santa Maria Ausiliatrice Complex in the Castello district of Venice. Founded as a hospice for pilgrims in 1171, the building later became the oldest hospital and was converted into school in the 18th century. In 2001, the City of Venice allocated it for cultural use and for the next four years it will be managed by the Dicastery for Culture and Education of the Holy See to oversee its restoration. Curated by architect, curator and researcher Marina Otero Verzier and artistic director of Fondaco Italia, Giovanna Zabotti, the complex has been turned into a constant ‘living laboratory’ of collective repair – and received a special mention in the biennale awards. The restoration works, open from Tuesday to Friday, are being carried out by local artisans and specialised restorers with expertise in recovering stone, marble, terracotta, mural and canvas painting, stucco, wood and metal artworks. The beauty, however, lies in the photogenic fabrics, lit by a warm yellow glow, hanging from the walls within, gently wrapping the building’s surfaces, leaving openings that allow movement and offer glimpses of the ongoing restoration. Mobile scaffolding, used to support the works, also doubles up as furniture, providing space for equipment and subdividing the interior. Togo Pavilion (photography: Andrea Avezzù) Togo Pavilion The Republic of Togo has presented its first pavilion ever at the biennale this year with the project Considering Togo’s Architectural Heritage, which sits intriguingly at the back of a second-hand furniture shop. The inaugural pavilion is curated by Lomé and Berlin-based Studio NEiDA and is in Venice’s Squero Castello. Exploring Togo’s architectural narratives from the early 20th century, and key ongoing restoration efforts, it documents key examples of the west African country’s heritage, highlighting both traditional and more modern building techniques – from Nôk cave dwellings to Afro-Brazilian architecture developed by freed slaves to post-independence Modernist buildings. Some buildings showcased are in disrepair, despite most of the modern structures remaining in use today, including Hotel de la Paix and the Bourse du Travail, suggestive of a future of repair and celebration. Estonian Pavilion (photography: Joosep Kivimäe) Estonia Pavilion Another firm favourite this year is the Estonian exhibition on Riva dei Sette Martiri on the waterfront between Corso Garibaldi and the Giardini.  The Guardian’s Olly Wainwright said that outside the Giardini, it packed ‘the most powerful punch of all.’ Simple and effective, Let Me Warm You, curated by trio of architects Keiti Lige, Elina Liiva and Helena Männa, asks whether current insulation-driven renovations are merely a ‘checkbox’ to meet European energy targets or ‘a real chance’ to enhance the spatial and social quality of mass housing. The façade of the historic Venetian palazzetto in which it is housed is clad with fibre-cement insulation panels in the same process used in Estonia itself for its mass housing – a powerful visual statement showcasing a problematic disregard for the character and potential of typical habitable spaces. Inside, the ground floor is wrapped in plastic and exhibits how the dynamics between different stakeholders influence spatial solutions, including named stickers to encourage discussion among your peers. Venice Procuratie (photography: Mike Merkenschlager) SMAC (San Marco Art Centre) Timed to open to the public at the same time as the biennale, SMAC is a new permanent arts institution in Piazza San Marco, on the second floor of the Procuratie, which is owned by Generali. The exhibition space, open to the public for the first time in 500 years, comprises 16 galleries arranged along a continuous corridor stretching over 80m, recently restored by David Chipperfield Architects. Visitors can expect access through a private courtyard leading on to a monumental staircase and experience a typically sensitive Chipperfield restoration, which has revived the building’s original details: walls covered in a light grey Venetian marmorino made from crushed marble and floors of white terrazzo. During the summer, its inaugural programme features two solo exhibitions dedicated to Australian modern architect Harry Seidler and Korean landscape designer Jung Youngsun. Holcim's installation (photography: Celestia Studio) Holcim x Elemental Concrete manufacturer Holcim makes an appearance for a third time at Venice, this time partnering with Chilean Pritzker Prize-winning Alejandro Aravena’s practice Elemental – curator of the 2016 biennale – to launch a resilient housing prototype that follows on from the Norman Foster-designed Essential Homes Project. The ‘carbon-neutral’ structure incorporates Holcim’s range of low-carbon concrete ECOPact and is on display as part of the Time Space Existence exhibition organised by the European Cultural Centre in their gardens. It also applies Holcim’s ‘biochar’ technology for the first time, a concrete mix with 100 per cent recycled aggregates, in a full-scale Basic Services Unit. This follows an incremental design approach, which could entail fast and efficient construction via the provision of only essential housing components, and via self-build. The Next Earth at Palazzo Diedo (photography: Joan Porcel) The Next Earth At Palazzo Diedo’s incredible dedicated Berggruen Arts and Culture space, MIT’s department of architecture and think tank Antikythera (apparently taking its name from the first-known computer) have come together to create the exhibition The Next Earth: Computation, Crisis, Cosmology, which questions how philosophy and architecture must and can respond to various planet-wide crises. Antikythera’s The Noocene: Computation and Cosmology from Antikythera to AI looks at the evolution of ‘planetary computation’ as an ‘accidental’ megastructure through which systems, from the molecular to atmospheric scales, become both comprehensible and composable. What is actually on display is an architectural scale video monolith and short films on AI, astronomy and artificial life, as well as selected artefacts. MIT’s Climate Work: Un/Worlding the Planet features 37 works-in-progress, each looking at material supply chains, energy expenditure, modes of practice and deep-time perspectives. Take from it what you will. The 19th International Venice Architecture Biennale remains open until Sunday, 23 November 2025.

cookielawinfo-checkbox-analytics11 monthsThis cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Analytics".cookielawinfo-checkbox-functional11 monthsThe cookie is set by GDPR cookie consent to record the user consent for the cookies in the category "Functional".cookielawinfo-checkbox-necessary11 monthsThis cookie is set by GDPR Cookie Consent plugin. The cookies is used to store the user consent for the cookies in the category "Necessary".cookielawinfo-checkbox-others11 monthsThis cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Other.cookielawinfo-checkbox-performance11 monthsThis cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Performance".viewed_cookie_policy11 monthsThe cookie is set by the GDPR Cookie Consent plugin and is used to store whether or not user has consented to the use of cookies. It does not store any personal data.

DanaBot Feds charge 16 Russians allegedly tied to botnets used in cyberattacks and spying An example of how a single malware operation can enable both criminal and state-sponsored hacking. Andy Greenberg, WIRED.com – May 23, 2025 3:56 pm | 0 Credit: Getty Images Credit: Getty Images Story text Size Small Standard Large Width * Standard Wide Links Standard Orange * Subscribers only   Learn more The hacker ecosystem in Russia, more than perhaps anywhere else in the world, has long blurred the lines between cybercrime, state-sponsored cyberwarfare, and espionage. Now an indictment of a group of Russian nationals and the takedown of their sprawling botnet offers the clearest example in years of how a single malware operation allegedly enabled hacking operations as varied as ransomware, wartime cyberattacks in Ukraine, and spying against foreign governments. The US Department of Justice today announced criminal charges today against 16 individuals law enforcement authorities have linked to a malware operation known as DanaBot, which according to a complaint infected at least 300,000 machines around the world. The DOJ’s announcement of the charges describes the group as “Russia-based,” and names two of the suspects, Aleksandr Stepanov and Artem Aleksandrovich Kalinkin, as living in Novosibirsk, Russia. Five other suspects are named in the indictment, while another nine are identified only by their pseudonyms. In addition to those charges, the Justice Department says the Defense Criminal Investigative Service (DCIS)—a criminal investigation arm of the Department of Defense—carried out seizures of DanaBot infrastructure around the world, including in the US. Aside from alleging how DanaBot was used in for-profit criminal hacking, the indictment also makes a rarer claim—it describes how a second variant of the malware it says was used in espionage against military, government, and NGO targets. “Pervasive malware like DanaBot harms hundreds of thousands of victims around the world, including sensitive military, diplomatic, and government entities, and causes many millions of dollars in losses,” US attorney Bill Essayli wrote in a statement. Since 2018, DanaBot—described in the criminal complaint as “incredibly invasive malware”—has infected millions of computers around the world, initially as a banking trojan designed to steal directly from those PCs' owners with modular features designed for credit card and cryptocurrency theft. Because its creators allegedly sold it in an “affiliate” model that made it available to other hacker groups for $3,000 to $4,000 a month, however, it was soon used as a tool to install different forms of malware in a broad array of operations, including ransomware. Its targets, too, quickly spread from initial victims in Ukraine, Poland, Italy, Germany, Austria, and Australia to US and Canadian financial institutions, according to an analysis of the operation by cybersecurity firm Crowdstrike. At one point in 2021, according to Crowdstrike, Danabot was used in a software supply-chain attack that hid the malware in a JavaScript coding tool called NPM with millions of weekly downloads. Crowdstrike found victims of that compromised tool across the financial service, transportation, technology, and media industries. That scale and the wide variety of its criminal uses made DanaBot “a juggernaut of the e-crime landscape,” according to Selena Larson, a staff threat researcher at cybersecurity firm Proofpoint. More uniquely, though, DanaBot has also been used at times for hacking campaigns that appear to be state-sponsored or linked to Russian government agency interests. In 2019 and 2020, it was used to target a handful of Western government officials in apparent espionage operations, according to the DOJ's indictment. According to Proofpoint, the malware in those instances was delivered in phishing messages that impersonated the Organization for Security and Cooperation in Europe and a Kazakhstan government entity. Then, in the early weeks of Russia's full-scale invasion of Ukraine, which began in February 2022, DanaBot was used to install a distributed denial-of-service (DDoS) tool onto infected machines and launch attacks against the webmail server of the Ukrainian Ministry of Defense and National Security and Defense Council of Ukraine. All of that makes DanaBot a particularly clear example of how cybercriminal malware has allegedly been adopted by Russian state hackers, Proofpoint's Larson says. “There have been a lot of suggestions historically of cybercriminal operators palling around with Russian government entities, but there hasn't been a lot of public reporting on these increasingly blurred lines,” says Larson. The case of DanaBot, she says, “is pretty notable, because it's public evidence of this overlap where we see e-crime tooling used for espionage purposes.” In the criminal complaint, DCIS investigator Elliott Peterson—a former FBI agent known for his work on the investigation into the creators of the Mirai botnet—alleges that some members of the DanaBot operation were identified after they infected their own computers with the malware. Those infections may have been for the purposes of testing the trojan, or may have been accidental, according to Peterson. Either way, they resulted in identifying information about the alleged hackers ending up on DanaBot infrastructure that DCIS later seized. “The inadvertent infections often resulted in sensitive and compromising data being stolen from the actor's computer by the malware and stored on DanaBot servers, including data that helped identify members of the DanaBot organization,” Peterson writes. The operators of DanaBot remain at large, but the takedown of a large-scale tool in so many forms of Russian-origin hacking—both state-sponsored and criminal—represents a significant milestone, says Adam Meyers, who leads threat intelligence research at Crowdstrike. “Every time you disrupt a multiyear operation, you're impacting their ability to monetize it. It also creates a bit of a vacuum, and somebody else is going to step up and take that place,” Meyers says. “But the more we can disrupt them, the more we keep them on their back heels. We should rinse and repeat and go find the next target.” This story originally appeared at wired.com Andy Greenberg, WIRED.com Wired.com is your essential daily guide to what's next, delivering the most original and complete take you'll find anywhere on innovation's impact on technology, science, business and culture. 0 Comments

The U.S. Department of Justice (DoJ) on Thursday announced the disruption of the online infrastructure associated with DanaBot (aka DanaTools) and unsealed charges against 16 individuals for their alleged involvement in the development and deployment of the malware, which it said was controlled by a Russia-based cybercrime organization. The malware, the DoJ said, infected more than 300,000 victim computers around the world, facilitated fraud and ransomware, and caused at least $50 million in damages. Two of the defendants, Aleksandr Stepanov (aka JimmBee), 39, and Artem Aleksandrovich Kalinkin (aka Onix), 34, both from Novosibirsk, Russia, are currently at large. Stepanov has been charged with conspiracy, conspiracy to commit wire fraud and bank fraud, aggravated identity theft, unauthorized access to a protected computer to obtain information, unauthorized impairment of a protected computer, wiretapping, and use of an intercepted communication. Kalinkin has been charged with conspiracy to gain unauthorized access to a computer to obtain information, to gain unauthorized access to a computer to defraud, and to commit unauthorized impairment of a protected computer. The unsealed criminal complaint and indictment show that many of the defendants, counting Kalinkin, exposed their real-life identities after accidentally infecting their own systems with the malware. "In some cases, such self-infections appeared to be deliberately done in order to test, analyze, or improve the malware," the complaint [PDF] read. "In other cases, the infections seemed to be inadvertent – one of the hazards of committing cybercrime is that criminals will sometimes infect themselves with their own malware by mistake." "The inadvertent infections often resulted in sensitive and compromising data being stolen from the actor's computer by the malware and stored on the DanaBot servers, including data that helped identify members of the DanaBot organization." If convicted, Kalinkin is expected to face a statutory maximum sentence of 72 years in federal prison. Stepanov would face a jail term of five years. Concurrent with the action, the law enforcement effort, carried out as part of Operation Endgame, saw DanaBot's command-and-control (C2) servers seized, including dozens of virtual servers hosted in the United States. "DanaBot malware used a variety of methods to infect victim computers, including spam email messages containing malicious attachments or hyperlinks," the DoJ said. "Victim computers infected with DanaBot malware became part of a botnet (a network of compromised computers), enabling the operators and users of the botnet to remotely control the infected computers in a coordinated manner." DanaBot, like the recently dismantled Lumma Stealer malware, operates under a malware-as-a-service (MaaS) scheme, with the administrators leasing out access starting from $500 to "several thousand dollars" a month. Tracked under the monikers Scully Spider and Storm-1044, is a multi-functional tool along the lines of Emotet, TrickBot, QakBot, and IcedID that's capable of acting as a stealer and a delivery vector for next-stage payloads, such as ransomware. The Delphi-based modular malware is equipped to siphon data from victim computers, hijack banking sessions, and steal device information, user browsing histories, stored account credentials, and virtual currency wallet information. It can also provide full remote access, log keystrokes, and capture videos. It's been active in the wild since its debut in May 2018, when it started off as a banking trojan. Example of typical Danabot infrastructure "DanaBot initially targeted victims in Ukraine, Poland, Italy, Germany, Austria, and Australia prior to expanding its targeting posture to include U.S.- and Canada-based financial institutions in October 2018," CrowdStrike said. "The malware's popularity grew due to its early modular development supporting Zeus-based web injects, information stealer capabilities, keystroke logging, screen recording, and hidden virtual network computing (HVNC) functionality." According to Black Lotus Labs and Team Cymru, DanaBot employs a layered communications infrastructure between a victim and the botnet controllers, wherein the C2 traffic is proxied through two or three server tiers before it reaches the final level. At least five to six tier-2 servers were active at any given time. A majority of DanaBot victims are concentrated around Brazil, Mexico, and the United States. "The operators have shown their commitment to their craft, adapted to detection and changes in enterprise defense, and with later iterations, insulating the C2s in tiers to obfuscate tracking," the companies said. "Throughout this time, they have made the bot more user-friendly with structured pricing and customer support." High-level diagram of multi-tiered C2 architecture The DoJ said DanaBot administrators operated a second version of the botnet that was specially designed to target victim computers in military, diplomatic, government, and related entities in North America and Europe. This variant, emerging in January 2021, came fitted with capabilities to record all interactions happening on a victim device and send the data to a different server. "Pervasive malware like DanaBot harms hundreds of thousands of victims around the world, including sensitive military, diplomatic, and government entities, and causes many millions of dollars in losses," said United States Attorney Bill Essayli for the Central District of California. The DoJ further credited several private sector firms, Amazon, CrowdStrike, ESET, Flashpoint, Google, Intel 471, Lumen, PayPal, Proofpoint, Spycloud, Team Cymru, and Zscaler, for providing "valuable assistance." Some of the noteworthy aspects of DanaBot, compiled from various reports, are below - DanaBot's sub-botnet 5 received commands to download a Delphi-based executable leveraged to conduct HTTP-based distributed denial-of-service (DDoS) attacks against the Ukrainian Ministry of Defence (MOD) webmail server and the National Security and Defense Council (NSDC) of Ukraine in March 2022, shortly after Russia's invasion of the country Two DanaBot sub-botnets, 24 and 25, were specifically used for espionage purposes likely with an aim to further intelligence-gathering activities on behalf of Russian government interests DanaBot operators have periodically restructured their offering since 2022 to focus on defense evasion, with at least 85 distinct build numbers identified to date (The most recent version is 4006, which was compiled in March 2025) The malware's infrastructure consists of multiple components: A "bot" that infects target systems and performs data collection, an "OnlineServer" that manages the RAT functionalities, a "client" for processing collected logs and bot management, and a "server" that handles bot generation, packing, and C2 communication DanaBot has been used in targeted espionage attacks against government officials in the Middle East and Eastern Europe The authors of DanaBot operate as a single group, offering the malware for rent to potential affiliates, who subsequently use it for their own malicious purposes by establishing and managing their own botnets using private servers DanaBot's developers have partnered with the authors of several malware cryptors and loaders, such as Matanbuchus, and offered special pricing for distribution bundles DanaBot maintained an average of 150 active tier-1 C2 servers per day, with approximately 1,000 daily victims across more than 40 countries, making it one of the largest MaaS platforms active in 2025 Proofpoint, which first identified and named DanaBot in May 2018, said the disruption of the MaaS operation is a win for defenders and that it will have an impact on the cybercriminal threat landscape. "Cybercriminal disruptions and law enforcement actions not only impair malware functionality and use but also impose a cost to threat actors by forcing them to change their tactics, cause mistrust in the criminal ecosystem, and potentially make criminals think about finding a different career," Selena Larson, a staff threat researcher at Proofpoint, said. "These successes against cyber criminals only come about when business IT teams and security service providers share much-needed insight into the biggest threats to society, affecting the greatest number of people around the world, which law enforcement can use to track down the servers, infrastructure, and criminal organizations behind the attacks. Private and public sector collaboration is crucial to knowing how actors operate and taking action against them." DanaBot's features as promoted on its support site DoJ Unseals Charges Against QakBot Leader The development comes as the DoJ unsealed charges against a 48-year-old Moscow resident, Rustam Rafailevich Gallyamo, for leading efforts to develop and maintain the QakBot malware, which was disrupted in a multinational operation in August 2023. The agency also filed a civil forfeiture complaint against over $24 million in cryptocurrency seized from Gallyamov over the course of the investigation. "Gallyamov developed, deployed, and controlled the Qakbot malware beginning in 2008," the DoJ said. "From 2019 onward, Gallyamov allegedly used the Qakbot malware to infect thousands of victim computers around the world in order to establish a network, or 'botnet,' of infected computers." The DoJ revealed that, following the takedown, Gallyamov and his co-conspirators continued their criminal activities by switching to other tactics like "spam bomb" attacks in order to gain unauthorized access to victim networks and deploy ransomware families like Black Basta and CACTUS. Court documents accuse the e-crime group of engaging in these methods as recently as January 2025. "Mr. Gallyamov's bot network was crippled by the talented men and women of the FBI and our international partners in 2023, but he brazenly continued to deploy alternative methods to make his malware available to criminal cyber gangs conducting ransomware attacks against innocent victims globally," said Assistant Director in Charge Akil Davis of the FBI's Los Angeles Field Office. Found this article interesting? Follow us on Twitter  and LinkedIn to read more exclusive content we post.

The U.S. unsealed charges against 16 individuals behind DanaBot, a malware-as-a-service platform responsible for over $50 million in global losses. "The FBI says a newer version of DanaBot was used for espionage, and that many of the defendants exposed their real-life identities after accidentally infecting their own systems with the malware," reports KrebsOnSecurity. From the report: Initially spotted in May 2018 by researchers at the email security firm Proofpoint, DanaBot is a malware-as-a-service platform that specializes in credential theft and banking fraud. Today, the U.S. Department of Justice unsealed a criminal complaint and indictment from 2022, which said the FBI identified at least 40 affiliates who were paying between $3,000 and $4,000 a month for access to the information stealer platform. The government says the malware infected more than 300,000 systems globally, causing estimated losses of more than $50 million. The ringleaders of the DanaBot conspiracy are named as Aleksandr Stepanov, 39, a.k.a. "JimmBee," and Artem Aleksandrovich Kalinkin, 34, a.k.a. "Onix," both of Novosibirsk, Russia. Kalinkin is an IT engineer for the Russian state-owned energy giant Gazprom. His Facebook profile name is "Maffiozi." According to the FBI, there were at least two major versions of DanaBot; the first was sold between 2018 and June 2020, when the malware stopped being offered on Russian cybercrime forums. The government alleges that the second version of DanaBot -- emerging in January 2021 -- was provided to co-conspirators for use in targeting military, diplomatic and non-governmental organization computers in several countries, including the United States, Belarus, the United Kingdom, Germany, and Russia. The indictment says the FBI in 2022 seized servers used by the DanaBot authors to control their malware, as well as the servers that stored stolen victim data. The government said the server data also show numerous instances in which the DanaBot defendants infected their own PCs, resulting in their credential data being uploaded to stolen data repositories that were seized by the feds. "In some cases, such self-infections appeared to be deliberately done in order to test, analyze, or improve the malware," the criminal complaint reads. "In other cases, the infections seemed to be inadvertent -- one of the hazards of committing cybercrime is that criminals will sometimes infect themselves with their own malware by mistake." A statement from the DOJ says that as part of today's operation, agents with the Defense Criminal Investigative Service (DCIS) seized the DanaBot control servers, including dozens of virtual servers hosted in the United States. The government says it is now working with industry partners to notify DanaBot victims and help remediate infections. The statement credits a number of security firms with providing assistance to the government, including ESET, Flashpoint, Google, Intel 471, Lumen, PayPal, Proofpoint, Team CYRMU, and ZScaler. Read more of this story at Slashdot.

Stormteller Games’ Lost in Random: The Eternal Die, the sequel to Zoink’s Lost in Random, is out on June 17th. Published by Thunderful, it will be available for Xbox Series X/S, PS5, Nintendo Switch and PC for $22.49 if you pre-order. It’s also available on Game Pass at launch. Check out the latest gameplay trailer below. The story follows The Queen from the previous game, fallen from grace and now going by Aleksandra. Joined by Fortune, they must navigate Mare the Knight’s Black Die and try to escape. There are four different weapons and over 100 Relics for players to utilize. The four worlds are randomly generated with over 30 enemy types and bosses to fight. Lost in Random: The Eternal Die also has a Premium Edition, discounted to $24.64 until June 17th, which offers four days of early access. You can also avail a digital art book, cosmetic DLC, and a soundtrack. Stay tuned for more details en route to its launch.

Studio 42 secures $3.6m in seed funding round Led by Play Ventures, new mobile studio will use investment to accelerate development of debut game Image credit: Studio 42 | Left to right: Aleksandr Bogdanov, Ivan Larionov, Pavel Sudakov News by Sophie McEvoy Staff Writer Published on May 15, 2025 Mbile developer Studio 42 has raised $3.6 million in a seed funding round led by Play Ventures, with participation from GEM Capital and Arcadia Gaming Partners. The investment will be used to support development of its debut title and future product ideas. Based in Cyprus, Studio 42 currently has a team of 14 people working across four countries. The studio was founded earlier this year by CEO Aleksandr Bogdanov, COO Ivan Larionov, and CPO Pavel Sudakov, who were previously leaders at Belka Games. "We are excited to partner with Play Ventures, GEM Capital, and Arcadia Gaming Partners and take the next step in our journey," said Bogdanov. "Their support allows us to focus on what we do best – creating simple yet deeply engaging experiences. We believe that genius lies in simplicity, and together, we are ready to bring fresh ideas to the puzzle genre." Play Ventures founding partner Henric Suuronen added: "We're thrilled to back Alexsandr, Ivan, Pavel, and the incredible team they've brought together at Studio 42. "From the start, we were aligned with their vision – reimagining core puzzle mechanics through a hybrid-casual lens, with live ops as a strategic driver. Their track record speaks for itself, and we couldn't be prouder to support them."

Apple Adds Brain-to-Computer Protocol to Its Accessibility Repertoire By John P. Mello Jr. May 14, 2025 5:00 AM PT ADVERTISEMENT Rubrik Foward 2025: The Future of Cyber Resilience is here When an attacker comes for your business, will you be ready? Chart your path to cyber resilience and keep your business running. June 4 | Virtual Event | Register Now Among a raft of upcoming accessibility tools revealed Tuesday, Apple announced a new protocol for brain-to-computer interfaces (BCIs) within its Switch Control feature. The protocol allows iOS, iPadOS, and visionOS devices to support an emerging technology that enables users to control their digital hardware without physical movement. One of the first companies to take advantage of the new protocol will be New York-based Synchron. “This marks a major milestone in accessibility and neurotechnology, where users implanted with Synchron’s BCI can control iPhone, iPad, and Apple Vision Pro directly with their thoughts without the need for physical movement or voice commands,” the company said in a statement. It added that Synchron’s BCI system will seamlessly integrate with Apple’s built-in accessibility features, including Switch Control, giving users an intuitive way to use their devices and laying the foundation for a new generation of cognitive input technologies. “This marks a defining moment for human-device interaction,” Synchron CEO and Co-Founder Tom Oxley said in a statement. “BCI is more than an accessibility tool, it’s a next-generation interface layer.” “Apple is helping to pioneer a new interface paradigm, where brain signals are formally recognized alongside touch, voice, and typing,” he continued. “With BCI recognized as a native input for Apple devices, there are new possibilities for people living with paralysis and beyond.” BCI Validation Tetiana Aleksandrova, CEO of Subsense, a biotechnology company in Covina, Calif., specializing in non-surgical bidirectional brain-computer interfaces, maintained Apple’s announcement marks a powerful signal showing the evolution of BCI. “I see it as Apple throwing open the gates — a single-stroke move that invites clinically-validated BCIs like Synchron’s Stentrode to plug straight into a billion-device ecosystem,” she told TechNewsWorld. “For patients, it means ‘mind-to-message’ control without middleware,” she said. “For the BCI industry, it’s a public stamp that neural input is ready for prime time — and yes, that’s a thrilling milestone for all of us building the next generation of non-surgical systems. It’s a shift, moving BCI from a nascent technology to more mainstream applications.” Aleksandrova maintained that BCI fits nicely into Apple’s overall accessibility strategy. “Apple’s playbook is to solve an extreme edge case, polish the UX until it’s invisible, then let the rest of the world adopt it,” she explained. “VoiceOver paved the way for Siri. Switch Control turned into Face Gestures. BCI support is the natural next rung on that ladder. Accessibility isn’t a side quest for Apple — it’s the R and D lab that future-proofs their core UI.” “Apple devices put unlimited information at users’ fingertips,” she added, “but for people with disabilities from TBI or ALS, full access can be out of reach. BCI technology helps bridge that gap, giving them a way to control and interact with their devices using only their brain activity.” Analysts See BCI as Long-Term Technology Apple’s embrace of BCI is significant, but its impact still lies in the future, noted Will Kerwin, technology equity analyst with Morningstar Research Services in Chicago. “While a particularly cool announcement, we think this type of feature is a long way away from full commercialization and not material to investors in Apple at this point,” he told TechNewsWorld. Kerwin pointed out that Synchron’s Stentrode BCI currently only has a sample size of 10 people. “Long-term, yes, this technology could have huge implications for how humans interact with technology, and we see it as an adjacency to AI, where generative AI could help improve the interface and ability for humans to communicate via the implant,” he said. “But again, we see this as an extremely long-term journey in its nascent days.” According to the Wall Street Journal, FDA approval of Synchron’s Stenrode technology is years away. The procedure involves implanting a stent-mounted electrode array into a blood vessel in the brain, so there’s no need for open brain surgery. “Some companies in the BCI space are focused on cortical control of prosthetics, others on cognitive enhancement or memory restoration,” Synchron spokesperson Kimberly Ha told TechNewsWorld. “What sets us apart is our focus on scalability and safety. By implanting via the blood vessels, we avoid open brain surgery, making our approach more feasible for potentially broader medical use.” Solving the BCI Scalability Problem Ha acknowledged that there are significant challenges to the broad adoption of BCI. “Scalability is one of the biggest,” she said. “Historically, many BCI systems have required open brain surgery, which presents serious risks and limits to who can access the technology,” she explained. “It’s simply not scalable for widespread clinical or consumer use.” “Synchron takes a fundamentally different approach,” she continued. “Our Stentrode device is implanted via the blood vessels, similar to a heart stent, avoiding the need to open the skull or directly penetrate brain tissue. This makes the procedure far less invasive, more accessible to patients, and better suited to real-world clinical deployment.” There are also challenges to developing the BCI apps themselves. “The biggest challenge in developing BCI applications is the trade-off between signal quality and accessibility,” Aleksandrova explained. “While a directly implanted BCI offers strong brain signals, surgery is risky. With non-invasive systems, the resolution is poor.” Her company, Subsense, is trying to offer the best of both worlds through the use of nanoparticles, which can provide bidirectional communication by crossing the blood-brain barrier to interact with neurons and transmit signals. Thought-Driven Interfaces for New Use Cases Ha noted that in addition to medical applications, BCI could be used for hands-free device control across all types of digital platforms, neuroadaptive gaming, or immersive XR experiences. “BCI opens doors to applications in mental wellness, communication tools, and cognitive enhancement,” Aleksandrova added. “You’ll fire off texts, browse AR screens, or write code just by thinking,” she said. “You’ll slip seamlessly into a drone or handle a surgical robot as though it were your own hand, and nudge your smart home with a silent impulse that dims the lights when focus peaks.” “Entertainment will read the room inside your head — dialing a game’s difficulty or a film’s plot to match your mood — while always-on neural metrics warn of fatigue, migraines, or anxiety hours before you notice and even surface names or ideas when your memory stalls,” she predicted. “Your unique brainwave ‘fingerprint’ will replace passwords, and researchers are already sketching ways to preserve those patterns so our minds can outlast failing bodies.” “I’m genuinely proud of Synchron and Apple for opening this door,” she said. John P. Mello Jr. has been an ECT News Network reporter since 2003. His areas of focus include cybersecurity, IT issues, privacy, e-commerce, social media, artificial intelligence, big data and consumer electronics. He has written and edited for numerous publications, including the Boston Business Journal, the Boston Phoenix, Megapixel.Net and Government Security News. Email John. Leave a Comment Click here to cancel reply. Please sign in to post or reply to a comment. New users create a free account. More by John P. Mello Jr. view all More in Science