- Europol disrupts Rhadamanthys, VenomRAT, and Elysium, seizing servers, domains, and arresting one suspect
- The malware infrastructure held hundreds of thousands of stolen credentials and over 100,000 crypto wallets
- Operation Endgame previously dismantled major malware networks, though some, like DanaBot, have resurfaced
Europol has launched the latest phase of its Operation Endgame, seeking to disrupt the activities of some of the largest malware operations active at the moment.
A press release published on Europol’s website claims that between November 10 and 13 its agents, together with national law enforcement agencies from a handful of European countries, disrupted Rhadamanthys, VenomRAT, and Elysium.
The actions resulted in more than 1,000 servers either taken down or disrupted, 20 domains seized, and 11 locations searched (one each in Germany and Greece, and 9 in the Netherlands). Furthermore, one individual was arrested, suspected of operating VenomRAT.
Europol’s actions
The dismantled malware infrastructure consisted of “hundreds of thousands of infected computers containing several million stolen credentials,” Europol explained.
Many of the victims were oblivious to the fact that they had been targeted, it added, and said that the main suspect behind the infostealer had access to “over 100,000 crypto wallets” potentially worth hundreds of thousands.
News of the operation first surfaced two days ago, when independent security researchers observed Rhadamanthys’ users being locked out of the platform. These users, as well as the malware’s operators, blamed the German authorities for the disruption, and urged their users to cover their tracks.
Operation Endgame’s last activity was in May 2025, when Europol and Eurojust dismantled a ransomware kill chain. In that operation, the police seized roughly 300 servers, took down 650 domains, and issued international arrest warrants against 20 individuals. The police also seized €3.5 million in various cryptocurrencies.
Disrupting malware operations is commendable, but without arrests, it is only a matter of time before they resurface. DanaBot, one of the operations that were taken down in May, resurfaced six months later, with rebuilt infrastructure and new cryptocurrency wallets to siphon stolen funds to.
Other backdoor, malware, and loader operations that were disrupted through Operation Endgame include IcedID, Smokeloader, Qakbot, and Trickbot.
Via Infosecurity Magazine

