A new US indictment against a group of Russian nationals offers a clear example of how, authorities say, a single malware operation can enable both criminal and state-sponsored hacking.

The hacker ecosystem in Russia, more than perhaps anywhere else in the world, has long blurred the lines between cybercrime, state-sponsored cyberwarfare, and espionage. Now an indictment of a group of Russian nationals and the takedown of their sprawling botnet offers the clearest example in years of how a single malware operation allegedly enabled hacking operations as varied as ransomware, wartime cyberattacks in Ukraine, and spying against foreign governments.

The US Department of Justice today announced criminal charges today against 16 individuals law enforcement authorities have linked to a malware operation known as DanaBot, which according to a complaint infected at least 300,000 machines around the world. The DOJ’s announcement of the charges describes the group as “Russia-based,” and names two of the suspects, Aleksandr Stepanov and Artem Aleksandrovich Kalinkin, as living in Novosibirsk, Russia. Five other suspects are named in the indictment, while another nine are identified only by their pseudonyms. In addition to those charges, the Justice Department says the Defense Criminal Investigative Service (DCIS)—a criminal investigation arm of the Department of Defense—carried out seizures of DanaBot infrastructure around the world, including in the US.

Aside from alleging how DanaBot was used in for-profit criminal hacking, the indictment also makes a rarer claim—it describes how a second variant of the malware it says was used in espionage against military, government, and NGO targets. “Pervasive malware like DanaBot harms hundreds of thousands of victims around the world, including sensitive military, diplomatic, and government entities, and causes many millions of dollars in losses,” US attorney Bill Essayli wrote in a statement.

Since 2018, DanaBot—described in the criminal complaint as “incredibly invasive malware”—has infected millions of computers around the world, initially as a banking trojan designed to steal directly from those PCs' owners with modular features designed for credit card and cryptocurrency theft. Because its creators allegedly sold it in an “affiliate” model that made it available to other hacker groups for $3,000 to $4,000 a month, however, it was soon used as a tool to install different forms of malware in a broad array of operations, including ransomware. Its targets, too, quickly spread from initial victims in Ukraine, Poland, Italy, Germany, Austria, and Australia to US and Canadian financial institutions, according to an analysis of the operation by cybersecurity firm Crowdstrike.

At one point in 2021, according to Crowdstrike, Danabot was used in a software supply-chain attack that hid the malware in a javascript coding tool called NPM with millions of weekly downloads. Crowdstrike found victims of that compromised tool across the financial service, transportation, technology, and media industries.

That scale and the wide variety of its criminal uses made DanaBot “a juggernaut of the e-crime landscape,” according to Selena Larson, a staff threat researcher at cybersecurity firm Proofpoint.

More uniquely, though, DanaBot has also been used at times for hacking campaigns that appear to be state-sponsored or linked to Russian government agency interests. In 2019 and 2020, it was used to target a handful of Western government officials in apparent espionage operations, according to the DOJ's indictment. According to Proofpoint, the malware in those instances was delivered in phishing messages that impersonated the Organization for Security and Cooperation in Europe and a Kazakhstan government entity.

Then, in the early weeks of Russia's full-scale invasion of Ukraine, which began in February 2022, DanaBot was used to install a distributed denial-of-service (DDoS) tool onto infected machines and launch attacks against the webmail server of the Ukrainian Ministry of Defense and National Security and Defense Council of Ukraine.

All of that makes DanaBot a particularly clear example of how cybercriminal malware has allegedly been adopted by Russian state hackers, Proofpoint's Larson says. “There have been a lot of suggestions historically of cybercriminal operators palling around with Russian government entities, but there hasn't been a lot of public reporting on these increasingly blurred lines,” says Larson. The case of DanaBot, she says, “is pretty notable, because it's public evidence of this overlap where we see e-crime tooling used for espionage purposes.”

In the criminal complaint, DCIS investigator Elliott Peterson—a former FBI agent known for his work on the investigation into the creators of the Mirai botnet—alleges that some members of the DanaBot operation were identified after they infected their own computers with the malware. Those infections may have been for the purposes of testing the trojan, or may have been accidental, according to Peterson. Either way, they resulted in identifying information about the alleged hackers ending up on DanaBot infrastructure that DCIS later seized. “The inadvertent infections often resulted in sensitive and compromising data being stolen from the actor's computer by the malware and stored on DanaBot servers, including data that helped identify members of the DanaBot organization,” Peterson writes.

The operators of DanaBot remain at large, but the takedown of a large-scale tool in so many forms of Russian-origin hacking—both state-sponsored and criminal—represents a significant milestone, says Adam Meyers, who leads threat intelligence research at Crowdstrike.

“Every time you disrupt a multiyear operation, you're impacting their ability to monetize it. It also creates a bit of a vacuum, and somebody else is going to step up and take that place,” Meyers says. “But the more we can disrupt them, the more we keep them on their back heels. We should rinse and repeat and go find the next target.”

Feds Charge 16 Russians Allegedly Tied to Botnets Used in Ransomware, Cyberattacks, and Spying

On today’s episode of ‘Uncanny Valley,’ we discuss how WIRED was able to legally 3D-print the same gun allegedly used by Luigi Mangione, and where US law stands on the technology.

WIRED senior writer Andy Greenberg has been reporting on ghost guns for more than a decade. He first used a 3D printer to assemble a gun in 2015, and he says that today’s process is not only faster but cheaper. We talk to Andy about how he legally printed the same gun Luigi Mangione allegedly used in the alleged killing of the United Healthcare CEO last year, and whether US law is keeping up with the technology of 3D-printed guns.

You can follow Zoë Schiffer on Bluesky at @zoeschiffer and Andy Greenberg on Bluesky at ‪@agreenberg. Write to us at uncannyvalley@wired.com.

**Articles mentioned in this episode:**

*   We Made Luigi Mangione’s 3D-Printed Gun—and Fired It
*   Bluesky Is Plotting a Total Takeover of the Social Internet
*   The Delirious, Violent, Impossible True Story of the Zizians

**How to Listen**

You can always listen to this week's podcast through the audio player on this page, but if you want to subscribe for free to get every episode, here's how:

If you're on an iPhone or iPad, open the app called Podcasts, or just tap this link. You can also download an app like Overcast or Pocket Casts and search for “Uncanny Valley.” We’re on Spotify too.

**Transcript**

_Note: This is an automated transcript, which may contain errors._

**Zoë Schiffer:** This is Zoë. Before we start, I want to take a chance to remind you that we really want to hear from you. If you have a tech-related question that's been on your mind or a topic that you wish we'd cover in the show, write to us at uncannyvalley@wired.com. If you listen and enjoy the episodes, please, please rate it and leave a review on your podcast app of choice. It honestly does help other people find us.

Welcome to WIRED's _Uncanny Valley_. I'm WIRED director of business and industry Zoë Schiffer. Today on the show, WIRED built and tested a 3D-printed pistol, the exact same model of the gun that Luigi Mangione allegedly used in the brutal killing of a health care CEO last year. Untraceable and often built entirely in private, those guns remain legal in some parts of the country due in part to a loophole in the US federal gun control laws. Today we hear about the process of creating a ghost gun, how those laws have evolved over time, and what future regulations may come. I'm joined today by Andy Greenberg, a senior writer at WIRED.

Andy, welcome to the show.

**Andy Greenberg:** Glad to be here. Thanks.

**Zoë Schiffer:** Andy, you've been reporting on ghost guns for a long time, and you started out this story with a question. Has the law in the United States actually caught up with the technology? I guess I wanted to start by asking you that same question. Has it?

**Andy Greenberg:** Well, the short answer is no. Even as the technology to make these so-called ghost guns and in particular 3D-printed guns has gotten more powerful, more practical, far, far, cheaper, the law has really lagged behind. It's opened up this space between the technology and the law that has allowed people to make their own guns at home in total privacy and anonymity more easily than ever.

**Zoë Schiffer:** I remember you saying that the first guns took hours and hours and hours. Now they still take half a day, but it's a lot less time.

**Andy Greenberg:** It's definitely faster. I printed two gun frames in 13 hours for this experiment.

**Zoë Schiffer:** Wow.

**Andy Greenberg:** That's probably just a little bit faster than it was 10 years ago, when I first … I should say 10 years ago, I made an AR-15 ghost gun in WIRED's San Francisco office.

**Zoë Schiffer:** Oh my gosh.

**Andy Greenberg:** Three different ways. One of those ways was trying to 3D-print the body of the gun known as the lower receiver of an AR-15. For the Glock-style pistol that Luigi Mangione allegedly used, it's called the frame. I was able to compare how this technology has changed and how well it works to make a gun back then in 2015 and then now. Yes, it's faster, but it's also just much better. And 3D printers are much, much cheaper.

That's perhaps the biggest thing of all. The 3D printer that I used back in 2015 to make the body of an AR-15 cost almost $3,000 alone. The entire ingredient list for my experiments in making allegedly Luigi Mangione's ghost gun was $1,144 or so, plus shipping.

**Zoë Schiffer:** Wow.

**Andy Greenberg:** That includes the cost of the printer, which was about $650. That's an enormous drop in price that has made this much more accessible to people, and just a much more practical way to try to obtain one of these guns in a fashion that completely circumvents all US gun control.

**Zoë Schiffer:** Right, completely. Before we go further on, I think it would be helpful if you explain for the audience what exactly is a ghost gun. What is the loophole that allows these guns to be made?

**Andy Greenberg:** Well, a ghost gun is this term that was originally used by gun control advocates, but now has actually been picked up by a lot of gun proponents as well. It basically means a gun that is homemade that has no serial number, and therefore is not registered with any government agency. You don't have to get a background check or show anyone ID. No gun control of any kind to obtain it. In that sense, it's a ghost.

The notion really is that you make just the parts of the gun that are regulated under US law, and then you can buy the rest of it off the internet or from stores, or whatever. And assemble it at home.

**Zoë Schiffer:** Right, yeah. Now we see why it's called a loophole. That's a pretty serious one. I want to actually go off-script, because I'm curious how you approached the story. But honestly, when I was reading it, I was like, “How the hell did Andy convince our lawyers to let him build not one, but multiple guns in the WIRED office?” I want to know how those initial conversations actually went.

**Andy Greenberg:** Well, the trick was in 2015 that I didn't ask anybody.

**Zoë Schiffer:** Oh, right.

**Andy Greenberg:** I just did it.

**Zoë Schiffer:** Right, right, right.

**Andy Greenberg:** In 2025, that turns out to be a lot harder, and we had to ask a lot of lawyers. We had to have an armorer on set, and a medic, and a special firearms specialist lawyer vet this. Then of course, I spoke to lawyers for the piece as well to make sure that what we were doing was legal. And also, to sketch out US gun control in 2025 and this gaping hole in it for homemade guns.

**Zoë Schiffer:** One of the things we're talking about is what you just mentioned, what has changed since you first started covering the space. You mentioned that the first time you built a 3D-printed gun, you did it in the WIRED office in San Francisco. This time, you actually went to Louisiana. Can you tell me about why that was important? What has changed on the regulatory side?

**Andy Greenberg:** Well, on some level, US law is trying to catch up with this problem, really at the state level mostly. 3D-printing a gun in New York is illegal unless you obtain a serial number for it. That's the same now in California too. My experiment in San Francisco would now be totally illegal. That's the case in 15 US states, that there are some laws around ghost guns.

In fact, there was a ban under Biden from the Bureau of Alcohol, Tobacco, and Firearms on ghost gun kits. These premade kits that allow anybody to finish a Glock-style frame or an AR-15 lower receiver from a plastic, or polymer, or even metal part with just a few tools in a matter of minutes. Those kits are not illegal according to the ATF. There was a Supreme Court ruling just in March upholding that ban.

Part of what I was trying to find out here is, despite a Supreme Court ruling, what's seen as a big crackdown on ghost guns, is this still possible to do legally with a 3D printer? And it is. The Supreme Court ruling basically said you can't sell parts that are readily convertible into a ghost gun, but it didn't say anything about creating one out of thin air and some plastic filaments out of empty space, which is really what a 3D printer does. What we did in Louisiana, where there is no state law around this, remains a wide-open loophole in the law, if you can call it that.

If you 3D-print a frame of a Glock-style pistol, then you can buy the rest of the parts off the internet and assemble it, and you have a gun that is a ghost gun. An anonymous, fully private, lethal weapon.

**Zoë Schiffer:** When we get back, we'll get into the details of how Andy actually made and assembled the ghost gun. But for now, we have to go to break.

\[_break_\]

**Zoë Schiffer**:Welcome back to _Uncanny Valley_. Okay, Andy, I want to get into the gun assembly process. Talk to me about the point from printing, to ordering the parts, to actually putting it together.

**Andy Greenberg:** The printing is definitely the easiest part in 2025. You really can download these files, these CAD files for gun frames from a bunch of different open source websites run by basically opponents of gun control. Then put them into some software and click print, and 13 hours later, in this case I had two perfect Glock-style frames. It was really remarkable how powerful the 3D printer, and cheap it was, that I was using.

The assembly is a lot trickier. That is as hard as ever. It's like assembling a very small piece of Ikea furniture. There's a lot of hammering little pins into place, and assembling the trigger mechanism, and it all has to fit into this small cavity inside of the frame. It took me more than an hour to do, and I was being guided in this process by a 3D-printed-gun aficionado. He calls himself Print, Shoot, Repeat, who was really helpful and patient about it. But I think that for people who know what they're doing, this takes 15 or 20 minutes—

**Zoë Schiffer:** Wow.

**Andy Greenberg:** —to assemble, once you have some practice at it.

**Zoë Schiffer:** OK. Then you shot the gun. What happened? How were you feeling at that moment at the gun range?

**Andy Greenberg:** Well, before I even shot it, there is this incredible moment when you're building a gun. It feels like this interesting, a little technical process, like making a model airplane or something. Then all of a sudden, I'm getting this slide onto the frame and then it clicks into place. Then you see for the first time that you actually have a gun in your hands, that it's a lethal weapon. The way that you have to treat a gun in your hands is so different from a collection of gun parts. Suddenly, it's this lethal weapon, you have to be careful where you point it. It's a really dramatic moment. It was for me, anyway.

**Zoë Schiffer:** There was that final part in the assembly where you put on a silencer, like allegedly Luigi Mangione had on his gun, right?

**Andy Greenberg:** Right. Luigi Mangione, in his backpack allegedly had a 3D-printed silencer too, which is a very new phenomenon, even in the 3D-printed gun world. We built that too. We 3D-printed a silencer. That actually is one part that's different. It's a felony for me to 3D-print a suppressor, a silencer as it's known. We did have an actual licensed gunsmith, the owner of the range that we were about to test that, who pushed print in that case and helped us to build that silencer. When Luigi Mangione allegedly did that, he would have been breaking the law. I would have been too, if not for having a gunsmith on-hand to help us out.

**Zoë Schiffer:** Then it started to jam a little bit. Or I don't know the correct term, but it did malfunction, right?

**Andy Greenberg:** Yeah, it did jam and it misfired several times. We reloaded it and I fired it a bunch more times. It would fire, and then misfire, and fire, and misfire. We did a bunch of troubleshooting, but ultimately we did get it working as a full semi-automatic handgun that could really empty a whole magazine worth of rounds.

**Zoë Schiffer:** You also pointed out that Brian Thompson's alleged killer—their gun also malfunctioned. It looked like, from the videos, that they had practiced a fair amount because they were totally unperturbed by the experience that you had, where the gun jammed, and then you had to troubleshoot, and then keep going.

**Andy Greenberg:** Right. Once we had gotten the gun working as a real semi-automatic, then we put the silencer on, our 3D-printed silencer. The silencer, based on the way that it attaches to the muzzle, it does actually prevent the slide from getting its full range of motion. It no longer actually worked as a true semi-automatic weapon. I had to, every time I pulled the trigger, pull back the slide, rack the gun as they say, which ejects a casing and pushes a new round into the chamber, ready to be fired. You have to manually rack it each time.

But when I looked at the surveillance video of allegedly Luigi Mangione killing Brian Thompson, or whoever that was in that video, you can see that they do exactly that. They pull back the slide with every shot. In fact, they seem to be fully prepared to do that. They don't hesitate at all. It was this eerie feeling of realizing that we had arrived at exactly the place where Brian Thompson's killer did. It was this very unnerving feeling of realizing that I was carrying out exactly the same process, I was going through exactly the same sensations of recoil, and racking, and firing again that I was seeing in this actual murder video.

**Zoë Schiffer:** Talk to me about what proponents of ghost guns say. Why are they for this untraceable and potentially really dangerous technology?

**Andy Greenberg:** I think there's a whole range of people who are interested in ghost guns and 3D-printed guns. Cody Wilson, the creator of the first fully 3D-printed gun, I was there in 2013 when he fired for the first time the Liberator, this fully plastic, fully 3D-printed one-shot pistol. He wants to destroy the state. He's a full-on radical Libertarian who believes that actually making gun control impossible, but demonstrating that it is fundamentally impossible. He can use that as a lever to show that “all government is impossible.”

But then you talk to somebody like Print, Shoot, Repeat, who was the one who helped us out in this experiment. He's also a real advocate for 3D-printed guns. But he told me, “I like this because I like the idea of being able to make my own guns at home. You can experiment with the process, and build guns that are not commercially available, and do it with full anonymity and privacy.” I did ask him, “Doesn't that also pose a real risk? Doesn't the ability for anybody essentially to make a gun at home with anonymity and privacy mean that they can use it to commit a crime?” He, like a lot of gun advocates I think in general, his answer was, “Well, freedom is dangerous,” and that's the American way, essentially.

**Zoë Schiffer:** I was really struck by that in your work. That it really felt like their POV was the occasional outburst of violence is the cost of freedom in this country, which is a very different way of seeing the world. My last question is just where do you think this is all heading? What does 3D printing and the way the technology has developed since you first started covering this space tell us about our ability to regulate guns in the United States?

**Andy Greenberg:** Well, it's just definitely clear that the law in this country is not keeping up with technology on this issue. That's a running theme probably of this podcast and everything we do at WIRED. But it's very visible. I feel like this is almost a parable about the ways that technology runs ahead of the law, especially in this country. And especially in a country where people love to defy the law and break the law. This is one example where Americans, it's the American way to try to have more guns than even our very meager gun control laws would allow us.

For me, as someone who's covered 3D-printed guns since 2012, it just strikes me that this topic caught up and even ran ahead of me in my reporting. I used to think of this as some future threat that I was describing in this science fictional way. Now it's definitely a present threat. In fact, it took me by surprise in December 2024, when a 3D-printed gun was used allegedly in this massively high-profile murder. I don't know. It's a future shock, as Alvin Toffler would call it. Where it's like, “Wow, we are in that future now.” This is a particularly scary one.

**Zoë Schiffer:** We're going to take a quick break. When we come back, we'll share our recommendations for what to read on Wired.com this week.

\[_break_\]

**Zoë Schiffer:** Welcome back to _Uncanny Valley_. I'm Zoë Schiffer, WIRED's director of business and industry. I'm joined today by WIRED senior writer Andy Greenberg. Before we take off, Andy, tell our listeners what they need to read on Wired.com today.

**Andy Greenberg:** Well, this ghost gun story is part of the Rogue's package as we're calling it, all about people on the edge of the law and breaking the law in interesting ways. There's another story in that package that I thought was incredible, written by my colleague Evan Ratliff. It's about the Zizians, this group that went in an extremely irrational direction—became actually this violent militant group. It's a remarkable piece about their evolution and how they came to do truly horrifying criminal things.

There's also this idea in the piece that has just haunted me in the weeks since I read it. It's called Roko's basilisk. It's something that rationalists and AI people talk about. Which is this notion that, if there is going to be a superintelligent AI in the future, it might punish people who were aware that it could be created and didn't work to create it.

**Zoë Schiffer:** That's just so weird and scary.

**Andy Greenberg:** It just really bothers me that there's this idea that's so dangerous you can't even think about it.

But I would also say that I have a piece in this Rogue's package also coming out tomorrow that I've been working on for about a year and a half, about at one point the dark web's biggest dealer in DMT, this incredibly potent psychedelic that he made in secret labs across the western half of the US. I hope you'll check that out, too.

**Zoë Schiffer:** I am very excited for that one. DMT is a big topic of discussion in California these days.

I have another recommendation. I feel like the topic of this podcast has been very, at least to me, and I understand I have my own biases here, a bleak vision of the future. But we also have this interview that our fantastic reporter Kate Knibbs did with Jay Graber, the head of Bluesky. She lays out a vision of the future of the social web that I actually found extremely uplifting.

I thought it was interesting, because Jay uses a lot of the language that you hear from the cutting-edge tech VCs and executives, but she does it in a way that feels completely different from the future that these other people and a lot of the men lay out. I really found her words compelling, and I think everyone should read it.

That's our show for today. We'll link to all the stories we spoke about in the show notes. Make sure to check out Thursday's episode of _Uncanny Valley_, which is about AI in schools and a big question we're having. Is using this technology cheating?

Kyana Moghadam and Adriana Tapia produced this episode. Greg Obis mixed this episode. Pran Bandi was our New York studio engineer. Jordan Bell is our executive producer. Conde Nast's head of global audio is Chris Bannon. Katie Drummond is WIRED's global editorial director.

Why 3D-Printing an Untraceable Ghost Gun Is Easier Than Ever

Global crackdown: Operation RapTor leads to 270 arrests, millions seized as law enforcement targets dark web drug, weapon, and crypto vendors.

In one of the largest global law enforcement actions against dark web crime to date, authorities from ten countries have arrested 270 individuals involved in drug trafficking, weapons sales, and the distribution of counterfeit goods online. The operation has been dubbed Operation RapTor.

Coordinated by Europol and the U.S. Department of Justice’s JCODE task force, the operation followed months of intelligence gathering after the takedowns of several dark web marketplaces: Nemesis, Incognito, Tor2Door, Bohemia, and Kingdom Market. These takedowns gave investigators access to key infrastructure and transaction data, which they used to identify vendors and buyers across the globe.

****A Multi-Continent Crackdown****

The arrests span the United States (130), Germany (42), the United Kingdom (37), France (29), South Korea (19) and several other nations. Authorities also confiscated over €184 million ($200 million) in cash and cryptocurrency, more than 2 metric tons of drugs, 144 kilograms of fentanyl, over 180 firearms, and thousands of counterfeit and illicit products.

Machines used by drug traffickers to produce fake prescription pills (Seized now) Via US DOJ

According to Europol and the DOJ, the scope of the operation reflects the evolving nature of cybercrime, where illegal activity often mirrors legitimate e-commerce in form but thrives in secrecy and deception. Many of those arrested had conducted thousands of sales, using crypto and encryption tools to evade detection.

****Dark Web Isn’t Invisible Anymore****

“This historic international seizure of firearms, deadly drugs, and illegal funds will save lives,” said Attorney General Pam Bondi. “Criminals cannot hide behind computer screens or seek refuge on the dark web.”

The operation also marks a major step forward in dismantling supply chains responsible for fentanyl-laced pills, a growing threat in the opioid crisis. Several US-based vendors convicted as part of related investigations were directly linked to fatal overdoses, including a trafficking ring that distributed over 120,000 fentanyl-laced pills nationwide.

****Targeting Infrastructure and Crypto****

A notable element of Operation RapTor is its focus not just on sellers but also on the marketplace infrastructure itself. The seizure of Nemesis Market, in particular, played a pivotal role. The market’s alleged operator, Behrouz Parsarad, an Iranian national, was sanctioned and indicted on drug trafficking charges.

The IRS Criminal Investigation Division noted that crypto forensics played a central role in tracing illicit transactions. “No digital wallet can hide you from facing justice,” said DEA Acting Administrator Robert Murphy.

****Changing Tactics of Dark Web Operators****

Law enforcement agencies are observing a shift in how dark web vendors operate. As major marketplaces go offline, criminals are increasingly turning to single-vendor shops, smaller, standalone sites that reduce exposure.

While this decentralization makes investigations more fragmented, the Operation RapTor results show that targeted surveillance and intelligence sharing can still yield high-impact outcomes.

The international partnerships powering the operation included not only Europol but also agencies from Austria, Brazil, France, Germany, the Netherlands, South Korea, Spain, Switzerland, and the United Kingdom, along with U.S. federal agencies like the FBI, DEA, FDA OCI, HSI, and IRS-CI.

Europol’s Head of Cybercrime Edvardas Šileris stressed that this operation is not the finish line but the launchpad for deeper investigations. “Operation RapTor shows that the dark web is not beyond the reach of law enforcement and Europol will continue working with our partners to make the internet safer for everyone,” he said in a press release.

Operation RapTor: 270 Arrested in Global Crackdown on Dark Web Vendors

Ever tried resizing an image only to end up with a blurry, pixelated mess? Whether you’re adjusting a…

Ever tried resizing an image only to end up with a blurry, pixelated mess? Whether you’re adjusting a photo for a website, social media, or an email campaign, keeping your images sharp and professional is essential.

But if you’ve worked with JPEG files, you’ve probably noticed how resizing can significantly impact quality. That’s where Pippit AI comes in, a powerful AI-driven tool that helps resize images while preserving their clarity.

JPEG remains one of the most commonly used image formats due to its balance of quality and file size. However, it’s also a lossy format, meaning that every time you modify it, some image data gets discarded.

This is why resizing JPEGs can result in lower-quality images. But don’t worry, there are ways to minimize quality loss and ensure your resized images look crisp and professional. Let’s explore why resizing affects JPEGs and how you can avoid common pitfalls.

****Why Does Resizing JPEG Affect Quality?****

Resizing an image might seem like a simple task, but when it comes to JPEGs, it’s a bit more complicated. Unlike vector graphics, which remain sharp at any size, JPEGs rely on pixel data, making them vulnerable to distortion when resized. Let’s break down the key reasons why quality drops when modifying a JPEG.

****Compression Artefacts: The Cause of Pixelation and Blurriness****

JPEG compression works by simplifying image data, removing subtle color variations, and grouping similar pixels. While this reduces file size, it also introduces compression artefacts, and visual distortions such as pixelation, blurring, and color banding. When a JPEG is resized, these artefacts become more pronounced, making the image look low-quality or “muddy.”

For example, if you shrink a high-resolution JPEG to a small size and then enlarge it again, you’ll notice a significant drop in clarity. This happens because JPEG compression has already removed key details, and stretching the image back only amplifies the missing information.

****Lossy Compression Explained: Why JPEG Loses Data with Every Resize****

JPEG uses a lossy compression algorithm, meaning that each time a file is saved or resized, some image data is permanently lost. Unlike PNG or TIFF files, which preserve quality through lossless compression, JPEG reduces file size by discarding unnecessary details.

Imagine making a photocopy of a photocopy, the more copies you make, the worse the quality gets. This is exactly what happens when you repeatedly resize a JPEG. Each adjustment results in slight quality degradation, leading to a loss of sharpness and color accuracy over time.

****Resizing vs. Scaling: The Key Difference****

Many people use the terms resizing and scaling interchangeably, but they are not the same. Resizing changes the image’s pixel dimensions (e.g., reducing a 2000×1500 image to 1000×750 pixels), which can lead to a loss of detail if not done correctly.

Scaling maintains the aspect ratio while adjusting the image’s size, preserving more of the original details. When resizing a JPEG, it’s important to maintain the correct aspect ratio and avoid excessive downscaling, which can make the image look stretched or distorted.

****Repeated Resizing: Why It Makes Things Worse****

Every time you resize a JPEG, it undergoes another round of compression. If you resize an image multiple times, shrinking, enlarging, and then resizing again, you’ll notice a compounding effect of quality loss.

To prevent this, always work with the original high-resolution image and resize it only once to the required dimensions. If you need to make multiple adjustments, use a tool designed to minimize compression loss.

****How to Resize JPEG Images Without Losing Quality****

Now that we know why JPEGs lose quality when resized let’s discuss how to prevent it. By following these best practices, you can maintain sharp, high-quality images even after resizing.

****Use High-Quality Source Images****

The golden rule of image resizing: start with the highest resolution possible. A larger, high-quality image retains more details, making it easier to resize without noticeable degradation. If you begin with a low-resolution JPEG, any resizing will amplify quality issues.

****Choose the Right Tool for the Job****

Not all resizing tools are created equal. Basic image editors may simply stretch or shrink an image without accounting for quality loss. That’s why using an AI-powered resizer, like the resize of JPEG tool from Pippit AI, makes a difference. AI algorithms intelligently enhance images while resizing, preserving sharpness and reducing compression artefacts.

****Resize in Small Increments****

If you need to significantly change an image’s size, avoid drastic one-step resizing. Instead of shrinking an image from 3000px to 500px in one go, resize it in smaller steps to help maintain clarity. This approach prevents excessive pixelation and preserves details.

****Use Proper Resampling Methods****

Resampling determines how pixels are adjusted when resizing an image. Standard resizing methods can blur details, but advanced resampling techniques like Bicubic and Lanczos interpolation help maintain crisp edges and smooth gradients. AI-based tools automatically apply the best resampling method, ensuring top-quality results.

****Introducing Pippit AI: A Smart Solution for Resizing JPEGs****

Resizing images doesn’t have to be a frustrating process. Pippit AI simplifies it by using AI to enhance images while resizing, ensuring minimal loss of quality. Unlike traditional tools, which often produce blurry or pixelated results, Pippit AI’s innovative resizing features ensure sharp, professional-looking images every time.

****What Makes Pippit AI Stand Out?****

*   **AI-Powered Resizing:** Automatically optimizes images for the best quality.

*   **No Manual Adjustments Needed:** Ensures perfect clarity with smart resampling.

*   **Multi-Platform Compatibility:** Resize images for websites, social media, and digital ads effortlessly.

****3 Easy Steps to Resize a JPEG Using Pippit AI****

Resizing images with Pippit AI is a quick, three-step process:

****Step 1: Upload Your Image****

Drag and drop your JPEG or select it from your files. The tool supports high-resolution images and automatically analyzes them for the best resizing approach.

****Step 2: Adjust Size with AI-Powered Controls****

Enter the desired dimensions, and the AI ensures the best balance between file size and quality. It automatically enhances sharpness and reduces artefacts, making the image look professional.

****Step 3: Export to High Quality****

Once resized, download your JPEG in the optimal resolution for web, social media, or email use. Pippit AI ensures the image remains sharp and clear, even after resizing.

****Conclusion****

Resizing JPEGs without losing quality requires more than just adjusting dimensions. It demands the proper techniques and tools. Since JPEGs use lossy compression, resizing them improperly can result in pixelation, blurring, and color loss. By following best practices like using high-quality source images, AI-powered resizing tools, and proper resampling methods, you can maintain sharp and vibrant images.

Why Image Quality Drops When Resizing a JPEG (and How to Fix It)

The Lumma infostealer infrastructure has suffered a serious blow by a coordinated action of the DOJ and Microsoft.

The US Department of Justice (DOJ) and Microsoft have disrupted the infrastructure of the Lumma information stealer (infostealer).

Lumma Stealer, also known as LummaC or LummaC2, first emerged in late 2022 and quickly established itself as one of the most prolific infostealers. Infostealers is the name we use for a group of malware that collects sensitive information from infected devices and sends the data to an operator. Depending on the type of infostealer and the goals of the operator, infostealers can be interested in taking anything from usernames and passwords to credit card details, and cryptocurrency wallets.

Lumma operates under a malware-as-a-service (MaaS) model, meaning its creators sell access to the malware on underground marketplaces and platforms like Telegram. This model allows hundreds of cybercriminals worldwide to deploy Lumma for their own malicious campaigns.

What makes Lumma particularly dangerous is its wide range of targets and its evolving sophistication. It doesn’t just grab browser-stored passwords or cookies. It’s also capable of extracting autofill data, email credentials, FTP client data, and even two-factor authentication tokens and backup codes, which enables attackers to bypass additional security layers.

As Matthew R. Galeotti, head of the Justice Department’s Criminal Division put it:

> “Malware like LummaC2 is deployed to steal sensitive information such as user login credentials from millions of victims in order to facilitate a host of crimes, including fraudulent bank transfers and cryptocurrency theft.”

Over the last few months alone, Microsoft identified over 394,000 Windows computers infected with Lumma worldwide. The FBI estimates that Lumma has been involved in around 10 million infections globally.

Using a court order from the US District Court for the Northern District of Georgia, Microsoft’s DCU seized and facilitated a takedown, suspension, and blocking of approximately 2,300 malicious domains that were part of the infostealer’s backbone.

Most of the seized domains served as user panels, where Lumma customers are able to access and deploy the infostealer, so this will stop the criminals from being able to to access Lumma in order to compromise computers and steal victim information.

Government agencies and researchers sometimes alter DNS addresses to lead the traffic to their own servers (called sinkholes). By redirecting the seized domains to Microsoft-controlled sinkholes, investigators can now monitor ongoing attacks and provide intelligence to help defend against similar threats in the future. This takedown slows down cybercriminals, disrupts their revenue streams, and buys time and knowledge for defenders to strengthen security.

**How to protect yourself**

Even with the Lumma infrastructure disrupted, the threat of information stealers remains very real and evolving. Here are some practical steps to reduce your risk:

*   **Use strong, unique passwords** for every account and consider a reputable password manager to keep track of them.
*   **Enable multi-factor authentication (MFA)** wherever possible. Although Lumma tries to bypass 2FA, having it still adds a crucial layer of defense.
*   **Be cautious with emails and downloads.** Lumma often spreads through phishing emails and malicious downloads, sometimes disguised as legitimate CAPTCHAs or antivirus software.
*   **Keep your software and operating system updated** to patch vulnerabilities that malware can exploit.
*   **Regularly monitor your financial and online accounts** for suspicious activity.
*   **Educate yourself about phishing and social engineering tactics** to avoid falling victim to trickery.
*   **Use an up-to-date real-time anti-malware solution** to block install attempts and detect active information stealers.

By understanding how threats like Lumma operate and by taking the necessary steps to protect ourselves, we can reduce the risk of falling prey to these invisible thieves.

You can use Malwarebytes’ free Digital Footprint Portal to see if any of your data has been stolen by a Lumma infostealer. We have many millions of stolen records stemming from Lumma stealers that are being traded on the Dark Web in our database.

**We don’t just report on threats – we help safeguard your entire digital identity**

Cybersecurity risks should never spread beyond a headline. Protect your—and your family’s—personal information by using identity protection.

 Lumma information stealer infrastructure disrupted 

Talos has observed exploitation of CVE-2025-0994 in the wild by UAT-6382, a Chinese-speaking threat actor, who then deployed malware payloads via TetraLoader.

UAT-6382 exploits Cityworks zero-day vulnerability to deliver malware

Cybercriminals are using AI-based tools to generate voice clones of the voices of senior US officials in order to scam people.

The FBI has issued a warning about an ongoing malicious text and voice messaging campaign that impersonates senior US officials.

The targets are predominantly current or former US federal or state government officials and their contacts. In the course of this campaign, the cybercriminals have used test messages as well as Artificial Intelligence (AI)-generated voice messages.

After establishing contact, the criminals often send targets a malicious link which the sender claims will take the conversation to a different platform. On this messaging platform, the attacker may push malware or introduce hyperlinks that direct targets to a site under the criminals’ control in order to steal login information, like user names and passwords.

The AI-generated audio used in the vishing campaign is designed to impersonate public figures or a target’s friends or family to increase the believability of the malicious schemes. A vishing attack is a type of phishing attack in which a threat actor uses social engineering tactics via voice communication to scam a target—the word “vishing” is a combination of “voice” and “phishing.”

Due to the rapid developments in AI, vishing attacks are becoming more common and more convincing. We have seen reports about callers pretending to be employers, family, and now government officials. What they have in common is that they are after information they can use to steal money or sensitive information from the victim.

**How to stay safe**

Because these campaigns are very sophisticated and targeted, it’s important to stay vigilant. Some recommendations:

*   Independently verify the identity of the person contacting you, via a different method.
*   Carefully examine the origin of the message. The criminals typically use software to generate phone numbers that are not attributed to a specific mobile phone or subscriber.
*   Listen closely to the tone and word choice of the caller. Do they match those of the person allegedly calling you? And pay attention to any kind of voice call lag time.
*   AI-generated content has advanced to the point that it is often difficult to identify. When in doubt about the authenticity of someone wishing to communicate with you, contact your relevant security officials or the FBI for help.

If you believe you have been the victim of the campaign described above, contact your relevant security officials and report the incident to your local FBI Field Office or the Internet Crime Complaint Center (IC3) at www.ic3.gov. Be sure to include as much detailed information as possible.

**We don’t just report on threats – we help safeguard your entire digital identity**

Cybersecurity risks should never spread beyond a headline. Protect your—and your family’s—personal information by using identity protection.

 Scammers are using AI to impersonate senior officials, warns FBI 

The new major release of Red Hat Enterprise Linux (RHEL) brings a number of important improvements in the confidential computing domain. This article covers the most important features available now in both RHEL 10 and RHEL 9.6: Full support for RHEL Unified Kernel Image (UKI), including FIPS and kdump supportIntel Trusted Domain Extension (TDX) guestsTrustee attestation clientFull support for RHEL Unified Kernel Image (UKI)First introduced in RHEL9.2 as a Technology Preview, UKI for RHEL is a UEFI Portable Executable (PE) binary containing the Linux kernel, initramfs, and kernel command line.

The new major release of Red Hat Enterprise Linux (RHEL) brings a number of important improvements in the confidential computing domain. This article covers the most important features available now in both RHEL 10 and RHEL 9.6: 

*   Full support for RHEL Unified Kernel Image (UKI), including FIPS and kdump support
*   Intel Trusted Domain Extension (TDX) guests
*   Trustee attestation client

**Full support for RHEL Unified Kernel Image (UKI)**

First introduced in RHEL9.2 as a Technology Preview, UKI for RHEL is a UEFI Portable Executable (PE) binary containing the Linux kernel, initramfs, and kernel command line. Having all these parts in one binary allows for extending Secure Boot protection to cover the whole operating system boot process. This is important in various scenarios where the operating system starts booting from an untrusted storage, such as a confidential virtual machine (CVM) on a public cloud.

RHEL UKI is shipped  in the kernel-uki-virt package, and currently supports x86\_64 architecture only. In the future, we plan to add other architectures that support UEFI firmware, in particular, ARM64 (Aarch 64). 

RHEL UKI is targeted at virtual machines and cloud instances. It can be used when the following prerequisites are met:

*   UEFI firmware is used for booting (legacy BIOS boot is unsupported)
*   Storage is NVMe, Virtio, or VMBus
*   The drive uses GPT with standard partitioning. The partitioning scheme must be compliant with systemd-gpt-auto-generator. LUKS encrypted volumes are also supported
*   Root volume uses XFS or Ext4 filesystem

UKI is based on systemd-stub and as a PE binary, and it can be booted directly from UEFI firmware. At Red Hat, we recommend using the shim bootloader when booting UKI. This allows the use of additional security mechanisms provided by shim, such as Machine Owner Key (MOK) and Secure Boot Advanced Targeting (SBAT). To simplify managing UEFI variables, uki-direct package (part of python3-virt-firmware) contains a convenient kernel-bootcfg tool. This package can also be used to implement A/B booting, in which the newly installed UKI is tried once and, in the event it boots successfully, becomes the default.

With the release of RHEL 10 and RHEL9.6, RHEL UKI technology is fully supported. Note that RHEL UKI can also be extended using the addons mechanism. 

**RHEL UKI supports FIPS mode**

In some cases, when using RHEL UKI, it may be necessary to modify an otherwise static kernel command line. In particular, switching RHEL to FIPS mode requires the fips=1 parameter on the kernel command line. To simplify common use cases, RHEL UKI ships with a set of pre-built and signed kernel command-line extensions included with kernel-uki-virt-addons package. With this package, FIPS enablement on the kernel command line is as easy as copying an addon to the EFI system partition:

    # rpm -q kernel-uki-virt kernel-uki-virt-addons 
    kernel-uki-virt-5.14.0-569.el9.x86_64 
    kernel-uki-virt-addons-5.14.0-569.el9.x86_64 
    # cp \ 
    /lib/modules/5.14.0-569.el9.x86_64/vmlinuz-virt.efi.extra.d/fips-enable-virt.rhel.x86_64.addon.efi \ 
    /boot/efi/EFI/Linux/`cat /etc/machine-id`-5.14.0-569.el9.x86_64.efi.extra.d/ 
    # reboot 
    

After rebooting, you can verify that fips=1 appeared on the kernel command line:  
 

    # cat /proc/cmdline 
    console=tty0 console=ttyS0  fips=1 
    

Note that in RHEL 9, you must also use fips-mode-setup to switch system-wide crypto policies to FIPS mode. With RHEL UKI, launch it with the --no-bootcfg switch:

    # fips-mode-setup --no-bootcfg

**RHEL UKI supports kdump enablement**

Similar to FIPS, enabling kdump requires memory reservation. This is done by specifying crashkernel= parameter on the kernel command line. For convenience, kernel-uki-virt-addons includes signed addons for most common use cases:

    # ls -1 /lib/modules/`uname -r`/vmlinuz-virt.efi.extra.d/ \ 
    | grep crashkernel 
    crashkernel-1536M-virt.rhel.x86_64.addon.efi 
    crashkernel-192M-virt.rhel.x86_64.addon.efi 
    crashkernel-1G-virt.rhel.x86_64.addon.efi 
    crashkernel-256M-virt.rhel.x86_64.addon.efi 
    crashkernel-2G-virt.rhel.x86_64.addon.efi 
    crashkernel-512M-virt.rhel.x86_64.addon.efi 
    crashkernel-default-virt.rhel.x86_64.addon.efi 

To enable the required addon, copy it to the /boot/efi/EFI/Linux/\`cat /etc/machine-id\`-\`uname -r\`.efi.extra.d/ directory.

**Intel Trust Domain Extension (TDX) guests are now fully supported**

Intel Trusted Domain Extension (TDX) is a confidential computing technology from Intel that provides hardware-isolated virtual machines (called a "trusted domain" or TD). Intel TDX provides confidentiality, authenticity, and integrity guarantees.

Support for running RHEL inside a TDX trusted domain was introduced with the RHEL 9.2 release as a Technology Preview. With the RHEL 10 and RHEL 9.6 releases, this use-case is fully supported. In particular, RHEL can be used on Google's C3 machine series in Google Cloud as well as on Microsoft Azure DCesv5 and ECesv5 series (currently in public preview).

**Trustee client in RHEL**

Remote attestation is an essential part of Confidential Computing because it proves the trustworthiness of an environment before confidential data can be put there. In a previous article, we described the IETF remote attestation procedures architecture (RATS) model and the Trustee project, and how these can be applied to Confidential Containers. RHEL 9.6 and 10 make using Trustee simple, and the Trustee client is included as the trustee-guest-components package. Note that the client is offered as a Technology Preview and can be used for development and testing purposes.

**Summary**

When confidentiality and security is an absolute priority, you can run RHEL on state-of-the-art hardware technologies, like AMD’s SEV-SNP and Intel’s TDX, with confidence that the software shipped with RHEL, such as RHEL UKI, is stable. Red Hat focuses on the ease of consumption of confidential computing technologies, making sure they are available to all customers running RHEL in virtualized and cloud environments.

New updates for Red Hat Enterprise Linux on confidential virtual machines

Microsoft disrupts Lumma Stealer network, seizing 2,000 domains linked to 394,000 infections in global cybercrime crackdown with law enforcement partners.

Microsoft, in a global takedown with support from international law enforcement agencies, has disrupted a major malware distribution network responsible for widespread credential theft, financial fraud, and ransomware attacks. The operation targeted Lumma Stealer, an infostealer malware used by hundreds of threat actors to steal sensitive information from nearly 400,000 infected Windows devices.

This coordinated effort involved Microsoft’s Digital Crimes Unit (DCU), the US Department of Justice, Europol, and cybersecurity partners across the private sector. Together, they seized more than 2,300 domains and dismantled Lumma’s infrastructure, severing the connection between attackers and their victims.

****A Malware-as-a-Service Operation with Global Reach****

Lumma Stealer has been marketed through underground forums since at least 2022 as a plug-and-play solution for cybercriminals looking to steal everything from passwords and credit card numbers to crypto wallets and banking credentials. Its ease of use and adaptability helped it gain traction among threat actors, including high-profile ransomware groups like Octo Tempest.

The tool is often spread through phishing campaigns, malvertising, and malware loaders. In one campaign earlier this year, attackers impersonated Booking.com to lure victims into downloading malware-laced files, a tactic that continues to fool even experienced users.

Microsoft’s Threat Intelligence team has tracked Lumma’s activities closely, identifying widespread infection patterns from March through May 2025. Heat maps shared by the company illustrate the global footprint of this malware, with heavy concentrations of infected devices in North America, Europe, and parts of Asia.

****Legal Action and Infrastructure Seizure****

According to Microsoft’s blog post, on May 13, Microsoft filed legal action in the US District Court for the Northern District of Georgia, securing a court order to block and seize the malicious domains linked to Lumma’s command structure. Simultaneously, the DOJ took control of the central infrastructure, and law enforcement agencies in Europe and Japan shut down local servers supporting the operation.

More than 1,300 domains have already been redirected to Microsoft-controlled servers, known as sinkholes, which now gather intelligence to help protect users and support ongoing investigations. This move cuts off the malware’s ability to transmit stolen data or receive instructions from attackers.

****The Business Behind the Malware****

Lumma wasn’t just malware, it was a business. Sold under a tiered subscription model, it offered services ranging from basic credential theft tools for $250 to full source code access for $20,000. Its creator, known online as “Shamel,” ran the operation like a startup, promoting Lumma with a distinctive bird logo and slogans that downplayed its malicious intent.

In a 2023 interview with a security researcher, Shamel claimed to have 400 active customers. His public presence, despite his involvement in widespread fraud, reflects a broader issue: cybercriminals operating with impunity in jurisdictions that don’t prioritize enforcement or international cooperation.

****Industry Response and Moving Forward****

The effort to dismantle Lumma drew support from a wide range of companies, including ESET, Cloudflare, Lumen, CleanDNS, BitSight, and GMO Registry. Each played a role in identifying infrastructure, sharing threat intelligence, or executing takedowns quickly and efficiently.

Notice on the sites seized by authorities (Via Microsoft)

“This shows how powerful the combination of law enforcement and industry can be,” said Thomas Richards, Infrastructure Security Practice Director at Black Duck, a Massachusetts-based cybersecurity firm. “Dismantling this operation will protect hundreds of thousands of people. But just as important is the follow-up, making sure victims are alerted and supported.”

Richards added that the growth of the Malware-as-a-Service market in recent years requires consistent collaboration across sectors to limit the damage from such tools.

****What You Can Do****

While this operation disrupted one of the most widespread info-stealers online, Lumma is just one of many threats targeting users every day. Microsoft and security professionals advise the public to:

*   Be cautious with email links and attachments
*   Use reputable antivirus and anti-malware tools
*   Keep operating systems and software updated
*   Enable multi-factor authentication wherever possible

Lumma Stealer was a favourite among cybercriminals because it worked, and it worked at scale. By shutting down its infrastructure, Microsoft and its partners have disrupted the ability of malicious actors to operate efficiently. But as long as cybercrime remains profitable, the fight continues.

Microsoft Dismantles Lumma Stealer Network, Seizes 2,000+ Domains

Russian cyber threat actors have been attributed to a state-sponsored campaign targeting Western logistics entities and technology companies since 2022.
The activity has been assessed to be orchestrated by APT28 (aka BlueDelta, Fancy Bear, or Forest Blizzard), which is linked to the Russian General Staff Main Intelligence Directorate (GRU) 85th Main Special Service Center, Military Unit 26165.

Tag

#intel