Categories: CyberCrimeSecurity

Int’l Police Target Botnets In ‘Operation Endgame’

Police in Europe and the US coordinated what authorities said was the largest ever action against botnets, infrastructure used to place malware such as ransomware on users’ and organisations’ systems, in a move that targeted the infrastructure of “dropper” software including IcedID, SystemBC, Pikabot, Smokeloader, Bumblebee and Trickbot.

Droppers are small pieces of code placed on targeted systems, usually via malicious email attachments, that are able to in turn download further malware onto the system, including ransomware.

By targeting botnets, infrastructure made up of hacked computers, authorities hoped to disrupt the ability of numerous malware actors to place their code onto victims’ computers.

The action, called “Operation Endgame”, was led by France, Germany and the Netherlands, supported by EU judicial cooperation agency Eurojust and involved Denmark, the UK and the US, with additional support from Armenia, Bulgaria, Lithuania, Portugal, Romania, Switzerland and Ukraine and private security companies.

A still from a video released by authorities on the Operation Endgame website. Image credit: Europol


In addition to taking down 100 servers in Europe, Canada and the US, authorities arrested one person in Armenia and three in Ukraine, searched 16 locations in Armenia, the Netherlands, Portugal and Ukraine, and took control of more than 2,000 domains.

The investigations revealed that one of the main suspects has earned at least 69 million euros (£59m) in cryptocurrency through renting out criminal infrastructure sites to deploy ransomware.

“The suspect’s transactions are constantly being monitored and legal permission to seize these assets upon future actions has already been obtained,” Europol said in a statement.

Authorities set up an Operation Endgame website where they said they would announce further actions.

“Operation Endgame does not end today,” Europol said.

Eight suspects wanted by Germany and now on Europol’s Most Wanted list. Image credit: Europol

Financial damage

Dutch police said the financial damage to individuals, organisations and governments inflicted by the botnets ran to the hundreds of millions of euros.

“Millions of people are also victims because their systems were infected, making them part of these botnets,” Dutch police said.

“This operation shows that you always leave tracks, nobody is unfindable, even online,” said Stan Duijf of the Dutch National Police in a video statement.

Germany is seeking the arrest of seven people suspected of being involved with the Trickbot malware organisation and an eighth person suspected of being one of the ringleaders behind Smokeloader.

Europol said the eight individuals were being added to its Most Wanted list.

A still from a video released by authorities on the Operation Endgame website. Image credit: Europol
Matthew Broersma

Matt Broersma is a long standing tech freelance, who has worked for Ziff-Davis, ZDnet and other leading publications

Recent Posts

AT&T Cloud Hack Part Of Ongoing Campaign, Experts Say

Hack of nearly all AT&T customers is part of campaign carried out by criminal gang…

20 mins ago

SpaceX Falcon 9 Rocket Explodes In Orbit

Second stage of SpaceX Falcon 9 rocket explodes in orbit in company's first failure since…

50 mins ago

Tesla Delays Robotaxi Event To October

Tesla shares volatile after report says it delays robotaxi event two months to allow teams…

1 hour ago

Honor Launches ‘World’s Slimmest’ Foldable AI Smartphone

Huawei spin-off Honor looks to compete with Samsung, Huawei, Apple with slim Magic V3 foldable…

2 hours ago

AT&T Admits Data Breach Impacted “Nearly All” Customers

American telecommunications giant AT&T admits that “nearly all” customer accounts were compromised in 2022 breach

3 days ago

Elon Musk’s X Breached DSA Rules, EU Finds

X's Blue checks 'used to mean trustworthy sources of information. Now our preliminary view is…

3 days ago