Skip to content
SPECIAL

THREATS TO CRITICAL INFRASTRUCTURE IN IRAN CONFLICT

READ MORE

Domains seized and servers taken down in global cybercrime action

(Operation Endgame graphic)

By THREAT BEAT STAFF

Coordinated actions have targeted Rhadamanthys, the Remote Access Trojan VenomRAT and the botnet Elysium. 

Between November 10 and 13, the latest phase of Operation Endgame, organized by Europol and Eurojust, saw authorities take down these three large cybercrime enablers. The main suspect for VenomRAT was also arrested in Greece on November 3.

Operation Endgame is a joint effort between law enforcement and judicial authorities of Australia, Belgium, Canada, Denmark, France, Germany, Greece, Lithuania, the Netherlands, the United Kingdom and the United States to tackle ransomware enablers. Cryptolaemus, Shadowserver and RoLR, Spycloud, Cymru, Proofpoint, Crowdstrike, Lumen, Abuse.ch, HaveIBeenPwned, Spamhaus, DIVD, Trellix and Bitdefender provided support.

The infrastructure dismantled during the action days was responsible for infecting hundreds of thousands of victims worldwide with malware. Operation Endgame resulted in at least 1,025 servers being taken down or disrupted worldwide and 20 domains seized.

The dismantled malware infrastructure consisted of hundreds of thousands of infected computers containing several million stolen credentials. Many of the victims were not aware of the infection of their systems. The main suspect behind the infostealer had access to over 100,000 crypto wallets belonging to these victims, potentially worth millions of euros. The failing criminal services are exposed via the Operation Endgame website.

Click to listen highlighted text!