On 21 May, the US Department of Justice unsealed charges against 16 individuals said to have operated and sold DanaBot, an information-stealing malware.
DanaBot was first spotted in May 2018 on Russian cybercrime forums, and is capable of credential theft and banking fraud.
The FBI has identified at least 40 affiliates who accessed the malware, which infected more than 300,000 systems globally, causing estimated losses of more than $50m.
The FBI said a newer version of DanaBot was used for espionage, stealing sensitive diplomatic communications, credentials and other data.
Two ringleaders have been named as Aleksandr Stepanov, 39, and Artem Aleksandrovich Kalinkin, 34, both of Novosibirsk, Russia.