An international operation coordinated by Europol has resulted in several arrests and the takedown of numerous cybercriminal networks. The operation focused on tackling the growing problem of the weaponization of botnets, which are networks of compromised computers under an attacker’s remote control. Cybercriminal gangs use botnets to install droppers, a type of malicious software designed to gain an initial foothold and then install other malware, such as ransomware, onto a targeted system.
Between 27 and 29 May of this year, Europol’s “Operation Endgame” targeted droppers, including IcedID, SystemBC, Pikabot, Smokeloader, Bumblebee, and Trickbot. The actions focused on disrupting criminal services, making arrests, taking down criminal infrastructures, and freezing illegal proceeds.
“Operation Endgame” has had a global impact
According to Europol: “This is the largest ever operation against botnets, which play a major role in the deployment of ransomware… This approach had a global impact on the dropper ecosystem.”
Operation Endgame has so far resulted in four arrests: three in Ukraine and one in Armenia. Following the action days, eight fugitives linked to these criminal activities, wanted by Germany, will be added to “Europe’s Most Wanted” list on 30 May. These individuals are wanted for their involvement in serious cybercrime activities. Over 100 servers were taken down or disrupted in Bulgaria, Canada, Germany, Lithuania, the Netherlands, Romania, Switzerland, the United Kingdom, the United States, and Ukraine. Over 2,000 cybercriminal domains are now under the control of law enforcement.
One of the main suspects has earned at least €69 million in cryptocurrency by renting out criminal infrastructure sites to deploy ransomware. The suspect’s transactions are constantly being monitored, and legal permission to seize these assets upon future actions has already been obtained.
The Europol-coordinated operation, initiated and led by France, Germany, and the Netherlands, was also supported by Eurojust and involved Denmark, the United Kingdom, and the United States. Armenia, Bulgaria, Lithuania, Portugal, Romania, Switzerland, and Ukraine also supported the operation with different actions, such as arrests, interviewing suspects, searches, and seizures or takedowns of servers and domains.
The operation was also supported by several private partners at the national and international levels, including Bitdefender, Cryptolaemus, Sekoia, Shadowserver, Team Cymru, Prodaft, Proofpoint, NFIR, Computest, Northwave, Fox-IT, HaveIBeenPwned, Spamhaus, DIVD, abuse.ch, and Zscaler.